... Appendix D: Authentication in CHAP, MS- CHAP, and MS- CHAP v2 Information in this document, including URL and other Internet Web site references, is subject to change ... containing a session ID and an arbitrary challenge string. 2. The remote access client returns a CHAP Response message containing the user name in plain text and a hash of the challenge string, ... an MS- CHAP Response message containing the user name in plain text and a hash of the challenge string, session ID, and the MD4 hash of the client's password using the MD4 one-way hashing...