datatracker.ietf.org
Sign in
Version 5.7.4, 2014-11-12
Report a bug

Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE)
RFC 3079

Document type: RFC - Informational (March 2001; No errata)
Document stream: Legacy
Last updated: 2013-03-02
Other versions: plain text, pdf, html

Legacy State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 3079 (Informational)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                            G. Zorn
Request for Comments: 3079                                 cisco Systems
Category: Informational                                       March 2001

 Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   The Point-to-Point Protocol (PPP) provides a standard method for
   transporting multi-protocol datagrams over point-to-point links.

   The PPP Compression Control Protocol provides a method to negotiate
   and utilize compression protocols over PPP encapsulated links.

   Microsoft Point to Point Encryption (MPPE) is a means of representing
   PPP packets in an encrypted form.  MPPE uses the RSA RC4 algorithm to
   provide data confidentiality.  The length of the session key to be
   used for initializing encryption tables can be negotiated.  MPPE
   currently supports 40-bit, 56-bit and 128-bit session keys.  MPPE
   session keys are changed frequently; the exact frequency depends upon
   the options negotiated, but may be every packet.  MPPE is negotiated
   within option 18 in the Compression Control Protocol.

   This document describes the method used to derive initial MPPE
   session keys from a variety of credential types.  It is expected that
   this memo will be updated whenever Microsoft defines a new key
   derivation method for MPPE, since its primary purpose is to provide
   an open, easily accessible reference for third-parties wishing to
   interoperate with Microsoft products.

   MPPE itself (including the protocol used to negotiate its use, the
   details of the encryption method used and the algorithm used to
   change session keys during a session) is described in RFC 3078.

Zorn                         Informational                      [Page 1]
RFC 3079                  MPPE Key Derivation                 March 2001

Table of Contents

   1.  Specification of Requirements ............................... 2
   2.  Deriving Session Keys from MS-CHAP Credentials .............. 2
   2.1.  Generating 40-bit Session Keys ............................ 3
   2.2.  Generating 56-bit Session Keys ............................ 3
   2.3.  Generating 128-bit Session Keys ........................... 4
   2.4.  Key Derivation Functions .................................. 5
   2.5.  Sample Key Derivations .................................... 6
   2.5.1.  Sample 40-bit Key Derivation ............................ 6
   2.5.2.  Sample 56-bit Key Derivation ............................ 6
   2.5.3.  Sample 128-bit Key Derivation ........................... 7
   3.  Deriving Session Keys from MS-CHAP-2 Credentials ............ 7
   3.1.  Generating 40-bit Session Keys ............................ 8
   3.2.  Generating 56-bit Session Keys ............................ 9
   3.3.  Generating 128-bit Session Keys ...........................10
   3.4.  Key Derivation Functions ..................................11
   3.5.  Sample Key Derivations ....................................13
   3.5.1.  Sample 40-bit Key Derivation ............................13
   3.5.2.  Sample 56-bit Key Derivation ............................14
   3.5.3.  Sample 128-bit Key Derivation ...........................15
   4.  Deriving MPPE Session Keys from TLS Session Keys ............16
   4.1.  Generating 40-bit Session Keys ............................16
   4.2.  Generating 56-bit Session Keys ............................17
   4.3.  Generating 128-bit Session Keys ...........................17
   5.  Security Considerations .....................................18
   5.1.  MS-CHAP Credentials .......................................18
   5.2.  EAP-TLS Credentials .......................................19
   6.  References ..................................................19
   7.  Acknowledgements ............................................20
   8.  Author's Address ............................................20
   9.  Full Copyright Statement ....................................21

1.  Specification of Requirements

   In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
   "recommended", "SHOULD", and "SHOULD NOT" are to be interpreted as
   described in [6].

2.  Deriving Session Keys from MS-CHAP Credentials

   The Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP-1)
   [2] is a Microsoft-proprietary PPP [1] authentication protocol,
   providing the functionality to which LAN-based users are accustomed

[include full document text]