Challenge-response type
Challenge-response authentication is an authentication method in which a server or verifier challenges a claimant to prove knowledge of a secret without transmitting the secret itself. The server sends a challenge, such as a random nonce or timestamp. The claimant uses this challenge, together with a shared secret or private key, to compute a response using a cryptographic function (for example, a hash or an HMAC). The response is sent to the server, which independently computes the expected value using its copy of the secret and verifies the match. If they match, authentication succeeds.
The challenge provides protection against eavesdropping because the secret is not sent in the clear. Replay protection
Common implementations include CHAP, used in PPP connections, and other protocols that rely on a challenge
Security considerations include the need to protect the secret used in calculations, secure storage of verifier