1. A method to authenticate users that avoids sending passwords over the network. It goes something like this (though the details among various programs are different). the client requests access the server sends back random data the client then encrypts/hashes the data using the password the server checks the result In this manner, the client proves it knows the correct password without ever sending it across the wire. Key point: In most cases the user is prompted for the password, which the client then stores in memory. In the use of smart cards, however, the system may give the user the challenge string, which the user then types into the smart card. The smart card then produces a response, which the user must type back into the system. In this way, the user validates that they have the smart card. Key point: Challenge-response systems are thought to be more secure because the challenge/response is different every time. This guards against replay attacks as well as making cracking more difficult. From Hacking-Lexicon