What is the main feature of the Challenge Handshake Authentication Protocol (CHAP)?

The main feature of the Challenge Handshake Authentication Protocol (CHAP) is the use of a three-way handshake for authentication. In this process, the server challenges the client to prove its identity by responding to a nonce (a random number) that the server generates.

The procedure begins with the server sending a challenge to the client, which is a randomly generated value. The client then responds by combining the received challenge with its own password, applying a hashing function to produce a hash value. Finally, this hash value is sent back to the server. The server performs the same hashing operation using its record of the client's password to check if the hash matches the one received from the client.

This three-step process enhances security because it ensures that the password is never transmitted over the network in clear text and provides mutual authentication. Each session uses a different challenge, mitigating replay attacks. Therefore, the three-way handshake is a fundamental aspect of how CHAP operates, making the choice correct.