DynChap provides an additional pseudo hardware token
based authentication layer for PoPToP virtual private
networks. The authentication uses the user's mobile phone
to generate a hash that needs to be entered along with the
user's password in a custom connection dialogue. Upon
connecting, the VPN verifies the authenticity of the hash. The
hash is generated from a serial (by default 32 printable
characters) stored in the J2ME based mobile phone and the
current time; the VPN server compares this hash against the
serial and current time, minus or plus a small deviation (by
default 2 minutes). If the username, password, and hash
match, access is granted and the custom dialer is closed, the
connection can now be controlled like an ordinary VPN
connection.
