Abstract

The Point-to-Point Protocol (PPP) [1] provides a standard method for transporting multi-protocol datagrams over point-to-point links. The PPP Compression Control Protocol [2] provides a method to negotiate and utilize compression protocols over PPP encapsulated links. The Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) [3] is a Microsoft-proprietary PPP authentication protocol, providing the functionality to which LAN-based users are accustomed while integrating the encryption and hashing algorithms used on Windows networks. Microsoft Point to Point Encryption (MPPE) [4] is a means of represent- ing PPP packets in an encrypted form. MPPE uses the RSA RC4 [5] algorithm to provide data confidentiality. The length of the session key to be used for initializing encryption tables can be negotiated. MPPE currently supports 40-bit and 128-bit session keys. MPPE session keys are changed frequently; the exact frequency depends upon the options negotiated, but may be every packet. MPPE is negotiated within option 18 [6] in the Compression Control Protocol. This document describes the method used to derive the initial MPPE ses- sion keys from MS-CHAP credentials. The algorithm used to change ses- sion keys during a session is described in [4].

Authors

Glen Zorn (glenzorn@hotmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)