How to use CHAP Authentication (Challenge Response Authentication) for webSockets?

VietMX Staff asked 3 years ago

In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. CHAP is a 3 way handshake:

  1. Client connects to the websocket server; the server then sends a challenge string (random characters of random or set length) to the client.
  2. Client responds with the hash of the challenge + shared secret.
  3. Server calculates the hash of the challenge it sent and the ‘shared secret’ it has locally, compares the client’s hash to its own, and either authenticates (adds it to approved clients) or drops the client.

You can go a bit further: if the client was dropped, we can add him to a blocked list with a timestamp. If the client tries to connect, I check whether he is in the blocked list and whether his timestamp is old enough, then continue with the CHAP auth for the client again.
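A runnable sketch of the three steps plus the timestamped block list, added here as an example and not code from the post. It keys the hash with HMAC-SHA256 over the challenge (instead of hashing challenge + secret directly, as the post describes) and compares the digests in constant time; the shared secret, the cooldown, the client ids and the `ChapServer` class name are all constructed for the example.

```python
import hmac
import hashlib
import secrets
import time

SHARED_SECRET = b"constructed-demo-secret"  # constructed value; provision out of band
BLOCK_SECONDS = 60                           # constructed cooldown for dropped clients


def chap_response(secret, challenge):
    """Step 2: keyed hash over the challenge; client and server both compute this."""
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()


class ChapServer:
    """Server side of the handshake, plus the timestamped block list from the post."""

    def __init__(self, secret, now=time.time):
        self.secret = secret
        self.now = now          # injectable clock so the cooldown can be tested
        self.pending = {}       # client_id -> challenge awaiting a response
        self.approved = set()   # clients that passed the handshake
        self.blocked = {}       # client_id -> time the client was blocked

    def on_connect(self, client_id):
        """Step 1: refuse clients still in cooldown, otherwise issue a fresh challenge."""
        blocked_at = self.blocked.get(client_id)
        if blocked_at is not None:
            if self.now() - blocked_at < BLOCK_SECONDS:
                return None     # still blocked; caller should close the socket
            del self.blocked[client_id]  # timestamp old enough, allow a new attempt
        challenge = secrets.token_hex(16)  # 128 bits of randomness, never reused
        self.pending[client_id] = challenge
        return challenge

    def on_response(self, client_id, response_hex):
        """Step 3: recompute the expected digest and compare in constant time."""
        challenge = self.pending.pop(client_id, None)  # each challenge is single-use
        if challenge is None:
            return False
        expected = chap_response(self.secret, challenge)
        if hmac.compare_digest(expected, response_hex):
            self.approved.add(client_id)
            return True
        self.blocked[client_id] = self.now()  # wrong secret: drop and block with timestamp
        return False
```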