CHAP takes a more sophisticated and secure approach to authentication by creating a unique challege phrase (a randomly generated string) for each authentication. The challenge phrase is combined with device host names using oneway hashing functions to authenticate in way where no static secret information is ever transmitted over the wire.

RFC 2759 Microsoft MS-CHAP-V2 January 2000 The quantity is a 20 octet number encoded in ASCII as 40 hexadecimal digits. The hexadecimal digits A-F (if present) MUST be uppercase. This number is derived from the challenge from the Challenge packet, the Peer-Challenge and NT-Response fields from the Response packet, and the peer password as output by the routine Broken VPN TCP/IP Settings - Microsoft Community Sep 24, 2015 Md5 Decrypt & Encrypt - More than 15.000.000.000 hashes Md5 (Message Digest 5) is a cryptographic function that allows you to make a 128-bits (32 caracters) "hash" from any string taken as input, no matter the length (up to 2^64 bits).This function is irreversible, you can't obtain the plaintext only from the hash. The only way to decrypt your hash is to compare it with a database using our online decrypter.

Appendix A. Encryption Standards Red Hat Enterprise Linux

Cisco IOS Password Encryption Facts - Cisco Jul 21, 2008 StorSimple 8000 series security | Microsoft Docs

Does a VPN utilizing PPTP and MS-CHAPv2 without encryption

CHAP MSCHAP & SPAP -Which 2 require the password to be MS-CHAP stores hashes, the password is not stored. Reversing the encryption is an optional checkbox, that is NOT recommended. Also, the reason the VPN's fail is that they aren't designed to work with the randomizing that occurs with MS-CHAP's regeneration of magic numbers and whatever other hocus-pocus it tries to throw out there to make you "think" you have a more secure connection.