MPPE, Microsoft Point-To-Point Encryption Protocol

Description Glossary RFCs Publications Obsolete RFCs


Protocol suite: PPP.
Protocol type:PPP encryption protocol.
CCP option:18.
Working groups: pppext, Point-to-Point Protocol Extensions.

RFC 3078:

The Microsoft Point to Point Encryption scheme is a means of representing PPP packets in an encrypted form.

MPPE uses the RSA RC4 algorithm to provide data confidentiality. The length of the session key to be used for initializing encryption tables can be negotiated. MPPE currently supports 40-bit and 128-bit session keys.

MPPE session keys are changed frequently; the exact frequency depends upon the options negotiated, but may be every packet.

MPPE header:

0001020304050607 0809101112131415 1617181920212223 24 25 26 27 28 29 30 31
PPP protocol A B C D Coherency count
Encrypted data :::

PPP protocol. 16 bits.
When MPPE is successfully negotiated by the PPP Compression Control Protocol, the value of this field is 0x00FD. This value MAY be compressed when Protocol-Field-Compression is negotiated.

A, flushed. 1 bit.
This bit indicates that the encryption tables were initialized before this packet was generated. The receiver MUST re-initialize its tables with the current session key before decrypting this packet. If the stateless option has been negotiated, this bit MUST be set on every encrypted packet. Note that MPPC and MPPE both recognize the FLUSHED bit; therefore, if the stateless option is negotiated, it applies to both MPPC and MPPE.

B. 1 bit.
This bit does not have any significance in MPPE.

C. 1 bit.
This bit does not have any significance in MPPE.

D. 1 bit.

0The packet is not encrypted.
1The packet is encrypted.

Coherency count. 12 bits, 0 to 0xFFF.
Used to assure that the packets are sent in proper order and that no packet has been dropped. It is a monotonically increasing counter which incremented by 1 for each packet sent. When the counter reaches 4095 (0x0FFF), it is reset to 0.

Encrypted data. Variable length.
The encrypted data begins with the protocol field. For example, in case of an IP packet (0x0021 followed by an IP header), the MPPE processor will first encrypt the protocol field and then encrypt the IP header. If the packet contains header compression, the MPPE processor is applied AFTER header compression is performed and MUST be applied to the compressed header as well. For example, if a packet contained the protocol type 0x002D (for a compressed TCP/IP header), the MPPE processor would first encrypt 0x002D and then it would encrypt the compressed Van-Jacobsen TCP/IP header.



[RFC 2118] Microsoft Point-To-Point Compression (MPPC) Protocol.

[RFC 3078] Microsoft Point-To-Point Encryption (MPPE) Protocol.

[RFC 3079] Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE).


Obsolete RFCs:

Description Glossary RFCs Publications Obsolete RFCs