MS-CHAP

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP).

MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks.

It is also used as an authentication option with RADIUS[2] servers which are used with IEEE 802.1X (e.g., WiFi security using the WPA-Enterprise protocol).

The divide-and-conquer attack only requires breaking a single DES key, which is not difficult with modern GPUs and FPGAs.

The developers recommend a move from MSCHAPv2-based connections to certificate-based authentication (such as PEAP-TLS or EAP-TLS).