Challenge-response is a security procedure for authenticating a subscriber. Depending on the security requirements, the challenge-response procedure can be executed by a simple confirmation at the user level, such as by specifying the e-mail address, telephone number, or password.
Where the security requirements between computers are higher, the dialog can be more complex and rely on encryption, algorithms and hash values. The server answers a client's request with a random byte sequence, called a challenge, and an identifier, which is a random number. To answer correctly, the client combines the challenge with a password that is known to both server and client, calculates a hash value from this using a hash function, and sends that value back to the server. The server also calculates a hash value from the data and compares it with the one sent by the client. If the two match, the request is executed. In the standard, the MD5 algorithm is cited as the hash function as a minimum requirement.
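The exchange described above can be sketched as follows. This is an added example, not code from any standard or product: the field order (identifier, password, challenge), the one-byte identifier, the 16-byte challenge and the names `compute_response` and `Server` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def compute_response(identifier: int, password: bytes, challenge: bytes,
                     hash_name: str = "md5") -> bytes:
    """Hash identifier + password + challenge (field order is an assumption)."""
    h = hashlib.new(hash_name)
    h.update(bytes([identifier]) + password + challenge)
    return h.digest()

class Server:
    """Hypothetical server side: issues challenges and checks responses."""

    def __init__(self, password: bytes, hash_name: str = "md5"):
        self.password = password
        self.hash_name = hash_name
        self.pending = {}  # identifier -> challenge still awaiting an answer

    def issue_challenge(self):
        identifier = secrets.randbelow(256)   # random number, one byte here
        challenge = secrets.token_bytes(16)   # random byte sequence
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop() makes every challenge single-use, so a recorded response
        # is rejected when it is presented a second time.
        challenge = self.pending.pop(identifier, None)
        if challenge is None:
            return False
        expected = compute_response(identifier, self.password, challenge,
                                    self.hash_name)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"constructed-shared-password"   # constructed sample value
    server = Server(secret)
    ident, chal = server.issue_challenge()
    answer = compute_response(ident, secret, chal)
    first = server.verify(ident, answer)      # correct password
    replay = server.verify(ident, answer)     # same answer presented again
    ident2, chal2 = server.issue_challenge()
    wrong = server.verify(ident2, compute_response(ident2, b"wrong", chal2))
    return first, replay, wrong

if __name__ == "__main__":
    print(demo())
```

The password itself never crosses the connection; only the hash value does, and it is valid for one challenge only.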
The challenge-response method is used, among other things, as an authentication method for smart cards or for the RADIUS security protocol. It is also used in IoT security to verify the IoT device.