Murali is searching for an authentication protocol for his network and is particularly worried about highly skilled attackers. To address this concern, he requires an authentication protocol that never transfers a user's password in any form. Which authentication protocol would be suitable for Murali's requirements?

Kerberos does not transmit the user's password over the network. Instead, when the user's name is sent to the authentication service, the service retrieves the hash of the user's password from the database and uses it to encrypt data that is then sent back to the user. The user's machine takes the password that the user entered, hashes it, and employs it to decrypt the data sent back by the server. In contrast, Challenge Handshake Authentication Protocol (CHAP) sends the user's password in an encrypted form. RBAC is an access control model and not an authentication protocol. Type II authentication refers to something that the user possesses, like a key or card, as opposed to a password or other secret information.