RFC 1994 describes the CHAP protocol and states that the authorizing server calculates an "expected value" based on the data from the user's request. But the RFC does not describe the method of calculating it.

Hence the question: does the CHAP protocol use one or several methods of calculating the "expected value", and if one, which one?

    1 answer

    There is a description of the algorithm:

    The response is a one-way hash calculated over a stream of octets followed by (concatenated with) the "secret", followed by (concatenated with) the Challenge Value. It depends on the algorithm used (16 octets for MD5).

    Response Value is the result of calculating a hash function over an array of bytes consisting of an identifier, a secret, and a query (Challenge). The length of the response value depends on the hash function algorithm (16 bytes for MD5).
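The calculation described in the answer, shown from the authenticator's side as an added example (not part of the original answer): the server recomputes MD5 over Identifier, secret and Challenge and compares it with the Value field of the Response packet. The function names, the user name and the secret are constructed for illustration; the packet layout (Code, Identifier, Length, Value-Size, Value, Name) follows RFC 1994.

```python
import hashlib
import hmac
import os
import struct

RESPONSE = 2  # CHAP Code field value for a Response packet (RFC 1994)

def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over Identifier octet || secret || Challenge Value (16 octets)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def build_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Layout: Code(1) Identifier(1) Length(2) Value-Size(1) Value Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name

def parse_packet(packet: bytes):
    if len(packet) < 5:
        raise ValueError("truncated CHAP packet")
    code, identifier, length, vsize = struct.unpack("!BBHB", packet[:5])
    # This sketch requires an exact Length and a Value that fits inside it.
    if length != len(packet) or 5 + vsize > length:
        raise ValueError("malformed CHAP packet")
    return code, identifier, packet[5:5 + vsize], packet[5 + vsize:length]

def verify_response(packet: bytes, sent_id: int, challenge: bytes, secrets: dict) -> bool:
    """Authenticator side: recompute the expected value and compare."""
    code, identifier, value, name = parse_packet(packet)
    # The Response must echo the Identifier of the Challenge that was sent.
    if code != RESPONSE or identifier != sent_id or name not in secrets:
        return False
    expected = chap_md5(identifier, secrets[name], challenge)
    return hmac.compare_digest(expected, value)  # constant-time comparison

def demo():
    secrets = {b"alice": b"constructed-shared-secret"}  # constructed sample data
    ident, challenge = 0x2A, os.urandom(16)
    good = build_packet(RESPONSE, ident,
                        chap_md5(ident, secrets[b"alice"], challenge), b"alice")
    bad = build_packet(RESPONSE, ident,
                       chap_md5(ident, b"wrong-secret", challenge), b"alice")
    return (verify_response(good, ident, challenge, secrets),
            verify_response(bad, ident, challenge, secrets))

if __name__ == "__main__":
    print(demo())
```

Because the Identifier octet is part of the hashed input, a Response computed for one Challenge does not verify against a Challenge sent with a different Identifier.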