When CHAP is used for authentication, both the client and the server know the plaintext of the secret. Although that plaintext is never sent over the network, adversaries have plenty of time and computing resources to figure it out. The usual practice is that the secret should be changed every six months or every quarter. However, the client and server cannot change the plaintext frequently; doing so may introduce other man-made risks. These two requirements conflict.
Another problem with CHAP concerns the private authentication algorithm. When CHAP is used, a confidential one-way hash function is usually adopted to ensure security. In other words, CHAP cannot be used as a public authentication method.
Although OpenEncryptor is based on CHAP, it fixes the weaknesses above using a principle from social engineering.
After every authentication, OpenEncryptor applies an additional hash function. This function computes a hash value that becomes the new secret password used next time, and that hash value depends on both the previous secret password and the current one. If adversaries wanted to know the next secret, they would have to work out at least three consecutive secret passwords before the user logs on again, because once the user logs on, the secret password becomes the old one and no longer matches the new secret password. It is obviously not feasible for adversaries to follow the user around all day long.
With OpenEncryptor, even if the server gave the user the same challenge every time, the user's client would still compute a different response every time. So it is impossible for adversaries to crack your real password, and replay attacks do not work.
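The following simulation is an added example written for this page; it is not OpenEncryptor's own code. It models the mechanism described above (a CHAP round, then both ends deriving the next secret from the previous and current secrets) and shows why a reused challenge still yields a different response and why a replayed response is rejected. SHA-256 as the hash, the `"OpenEncryptor-rotate|"` domain tag, the concatenation order, and the sample secret and challenge values are all assumptions made for the example; the page does not specify them.

```python
import hashlib
import hmac

# Constructed sample values. A real server sends a fresh random challenge each time;
# the challenge is deliberately reused here to show that the response still changes.
INITIAL_SECRET = b"initial-shared-secret"  # plaintext known to both ends, as in plain CHAP
FIXED_CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # Classic CHAP shape: hash(identifier || secret || challenge).
    # SHA-256 stands in for the hash; the page does not name the function used.
    return hashlib.sha256(bytes([chap_id & 0xFF]) + secret + challenge).digest()


def next_secret(previous_secret: bytes, current_secret: bytes) -> bytes:
    # Rotation step: the new secret depends on last time's and this time's secrets.
    # The concrete construction (domain tag + concatenation) is an assumption.
    return hashlib.sha256(b"OpenEncryptor-rotate|" + previous_secret + b"|" + current_secret).digest()


class Party:
    """State held by each end: the secret used last time and the one used this time."""

    def __init__(self, initial_secret: bytes) -> None:
        self.previous = initial_secret
        self.current = initial_secret

    def rotate(self) -> None:
        self.previous, self.current = self.current, next_secret(self.previous, self.current)


class Server(Party):
    def verify(self, chap_id: int, challenge: bytes, response: bytes) -> bool:
        expected = chap_response(chap_id, self.current, challenge)
        ok = hmac.compare_digest(expected, response)  # constant-time comparison
        if ok:
            self.rotate()  # only a successful logon advances the secret
        return ok


class Client(Party):
    def respond(self, chap_id: int, challenge: bytes) -> bytes:
        return chap_response(chap_id, self.current, challenge)

    def on_success(self) -> None:
        self.rotate()  # advance only after the server confirms, so both ends stay in step


def logon(client: Client, server: Server, chap_id: int, challenge: bytes) -> bytes:
    """One CHAP round; returns the response that crossed the wire (what an eavesdropper sees)."""
    response = client.respond(chap_id, challenge)
    if server.verify(chap_id, challenge, response):
        client.on_success()
    return response


def demo() -> dict:
    client, server = Client(INITIAL_SECRET), Server(INITIAL_SECRET)
    # Same identifier and same challenge both times, so any difference comes from the rotated secret.
    first = logon(client, server, 1, FIXED_CHALLENGE)
    second = logon(client, server, 1, FIXED_CHALLENGE)
    # An eavesdropper replays the first captured response against the identical challenge.
    replay_accepted = server.verify(1, FIXED_CHALLENGE, first)
    return {
        "responses_differ": first != second,
        "replay_rejected": not replay_accepted,
        "in_sync": client.current == server.current,
    }


if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is that both ends rotate only on a confirmed success: if the server's acknowledgement is lost, the client and server hold different secrets and every later logon fails until they are resynchronised, so a deployment of this scheme needs a recovery path for that case.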