A commonly used authentication protocol consisting of the following four steps:
- The client sends a message to the server declaring its identity and requesting authentication.
- The server sends a challenge to the client consisting of some random value x.
- The client computes h(password,x) and sends it back as the response. Here h is a hash function with the property that it is essentially impossible to figure out the password even if you know both x and h(password,x).
- The server also computes h(password,x) and compares it with the response it got from the client.
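
The four steps above as a runnable sketch, added here as an illustration and not taken from any particular implementation. It assumes HMAC-SHA256 for h and a 32-byte random x; the names `Server`, `challenge`, `verify`, `client_response` and the sample user are hypothetical. It also shows that a response recorded from one run is rejected when the server issues a fresh x.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store (username -> shared password).
USERS = {"alice": b"correct horse battery staple"}

def h(password: bytes, x: bytes) -> bytes:
    # The page's h(password, x); HMAC-SHA256 is this example's assumption.
    return hmac.new(password, x, hashlib.sha256).digest()

class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> outstanding challenge x

    def challenge(self, username: str) -> bytes:
        # Steps 1-2: the client has declared its identity; reply with random x.
        x = secrets.token_bytes(32)
        self.pending[username] = x
        return x

    def verify(self, username: str, response: bytes) -> bool:
        # Step 4: recompute h(password, x) and compare with the response.
        x = self.pending.pop(username, None)  # each x is usable only once
        password = self.users.get(username)
        if x is None or password is None:
            return False
        return hmac.compare_digest(h(password, x), response)  # constant-time compare

def client_response(password: bytes, x: bytes) -> bytes:
    # Step 3: prove knowledge of the password without sending it.
    return h(password, x)

def demo():
    server = Server(USERS)
    x1 = server.challenge("alice")
    r1 = client_response(USERS["alice"], x1)
    accepted = server.verify("alice", r1)
    server.challenge("alice")              # new run, new x
    replayed = server.verify("alice", r1)  # response recorded from the first run
    x3 = server.challenge("alice")
    wrong = server.verify("alice", client_response(b"guess", x3))
    return accepted, replayed, wrong

if __name__ == "__main__":
    print(demo())
```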