Data Encryption

For data encryption, PPTP uses the Remote Access Server (RAS) "shared-secret" encryption process. It is called a shared-secret process because both ends of the connection derive the same encryption key from a secret that both already hold; the key itself never has to be sent over the link. Under the Microsoft implementation of RAS, that shared secret is the user's password, so the encryption key can be no stronger than the password it is derived from. (Public-key encryption works differently: each party has a key pair, a public key that anyone may use to encrypt and a private key, never shared, that decrypts.)

PPTP relies on PPP for both encryption and compression. PPP negotiates encryption through the Compression Control Protocol (CCP), the same protocol it uses to negotiate compression, so the encryption method and key length are settled during PPP negotiation, after authentication, rather than by PPTP itself.
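The following is an added example, not code from the original page or from Microsoft RAS, of the CCP option through which two PPP peers agree on encryption. The option type (18) and the H, M, S, L and C bit positions are those of RFC 3078 section 3; the negotiate() function is a simplified stand-in for the Configure-Request / Configure-Nak exchange (assumption: each side takes the longest key length both offered, and the caller can enforce a minimum), and the offered bit patterns are constructed.

```python
"""CCP option that negotiates MPPE encryption between PPP peers.

Added example; not code from the original page or from Microsoft RAS.
Option type 18 and the bit positions follow RFC 3078 section 3; the
negotiation policy in negotiate() is an assumption for illustration.
"""
import struct

CCP_OPT_MPPE = 18          # CCP configuration option type for MPPE/MPPC
MPPE_H_BIT = 0x01000000    # stateless mode: re-key on every packet
MPPE_M_BIT = 0x00000080    # 56-bit session key
MPPE_S_BIT = 0x00000040    # 128-bit session key
MPPE_L_BIT = 0x00000020    # 40-bit session key
MPPE_C_BIT = 0x00000001    # MPPC compression only, no encryption
KEY_BITS = ((MPPE_S_BIT, 128), (MPPE_M_BIT, 56), (MPPE_L_BIT, 40))


def encode_mppe_option(supported_bits: int) -> bytes:
    """Type(1) Length(1) Supported-Bits(4), as carried in a CCP Configure-Request."""
    return struct.pack("!BBI", CCP_OPT_MPPE, 6, supported_bits)


def parse_ccp_options(body: bytes) -> dict:
    """Walk the TLV option list of a CCP packet body, rejecting malformed
    lengths instead of reading past the buffer."""
    opts, off = {}, 0
    while off < len(body):
        if len(body) - off < 2:
            raise ValueError("truncated option header")
        typ, length = body[off], body[off + 1]
        if length < 2 or off + length > len(body):
            raise ValueError("bad option length %d at offset %d" % (length, off))
        opts[typ] = body[off + 2:off + length]
        off += length
    return opts


def mppe_bits(body: bytes) -> int:
    """Supported-Bits value of the peer's MPPE option, or 0 if it sent none."""
    value = parse_ccp_options(body).get(CCP_OPT_MPPE)
    if value is None:
        return 0
    if len(value) != 4:
        raise ValueError("MPPE option must carry exactly 4 bytes")
    return struct.unpack("!I", value)[0]


def negotiate(offered: int, acceptable: int, min_key_bits: int = 40) -> int:
    """Supported-Bits both peers agree on, taking the longest common key.
    Raises if nothing long enough is common; a real peer would answer with
    a Configure-Nak and the link would stay unencrypted or fail."""
    common = offered & acceptable
    for bit, bits in KEY_BITS:
        if common & bit:
            if bits < min_key_bits:
                break
            return bit | (common & MPPE_H_BIT)
    raise ValueError("no common MPPE key length of at least %d bits" % min_key_bits)


def negotiated_key_bits(agreed: int) -> int:
    """Key length implied by an agreed Supported-Bits value (0 = no encryption)."""
    for bit, bits in KEY_BITS:
        if agreed & bit:
            return bits
    return 0


if __name__ == "__main__":
    # Constructed exchange: the server offers 128- and 40-bit keys, stateless;
    # an export-version client accepts only 40-bit keys.
    server_request = encode_mppe_option(MPPE_H_BIT | MPPE_S_BIT | MPPE_L_BIT)
    client_policy = MPPE_H_BIT | MPPE_L_BIT
    agreed = negotiate(mppe_bits(server_request), client_policy)
    print("agreed 0x%08x -> %d-bit key" % (agreed, negotiated_key_bits(agreed)))
```

The point to take from the exchange is that the weaker side sets the result: a client that only accepts 40-bit keys pulls a 128-bit-capable server down to 40 bits unless the server enforces a minimum, which is what the min_key_bits argument models.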

The PPTP client supplies its user name and password, and the PPTP server holds the same account information. An encryption key is derived from the hashed password stored on both the client and the server, and this 40-bit session key is used with RSA's RC4 stream cipher to encrypt all data that passes over the Internet for the session. Two limits follow from this design. A 40-bit key space (about 1.1 trillion keys) is within reach of an exhaustive search, and because the key is a function of the password hash, anyone who can guess the password can derive the key, so the session is only as private as the password is strong.

The data inside each PPP packet is encrypted. The PPP packet carrying the encrypted block is then encapsulated (PPTP uses GRE for this) in a larger IP datagram for routing over the Internet to the PPTP server. An attacker who intercepts the datagram sees only the media headers, the IP and GRE headers, and then a PPP packet whose payload is a block of ciphertext; without the session key the payload cannot be read. The headers themselves are not encrypted, so an observer can still learn the tunnel endpoints, the call identifiers, and the timing and volume of traffic.
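The following is an added example, not code from the original page or from Microsoft RAS, that walks through the two paragraphs above: a shared-secret key derived from the stored password hash, RC4 encryption of the PPP payload, and the encapsulated datagram an interceptor would see. Assumptions, since the page gives no algorithm details: SHA-1 of the password stands in for the stored password hash (the real MS-CHAP/MPPE derivation in RFC 3079 starts from the LM or NT hash and is not reproduced here), the leading bytes of that hash are the RC4 key, and the GRE and PPP framing is reduced to the fields needed to show which bytes are readable. Addresses, call ID and payloads are constructed.

```python
"""Shared-secret session key, RC4 payload encryption and the on-the-wire view.

Added example; not code from the original page or from Microsoft RAS.
Assumptions: SHA-1 stands in for the stored password hash, its leading
bytes are the RC4 key, and the framing keeps only the fields an observer
would parse. GRE/PPP/MPPE constants follow RFC 2637 and RFC 3078.
"""
import hashlib
import struct

IPPROTO_GRE = 47
GRE_PROTO_PPP = 0x880B       # enhanced GRE carrying PPP (PPTP)
PPP_PROTO_COMP = 0x00FD      # PPP "compressed datagram": MPPE/MPPC payload
MPPE_ENCRYPTED = 0x10        # D bit in the MPPE header: payload is encrypted
KEYSPACE_40 = 2 ** 40        # about 1.1e12 keys: an exhaustive search is practical


def rc4_keystream(key: bytes):
    """Textbook RC4: key scheduling, then the PRGA as a generator."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Stream cipher: encrypting and decrypting are the same XOR with the keystream."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def session_key(password: str, key_bits: int = 40) -> bytes:
    """Both ends store the password hash, so both derive the same key without
    ever sending it: that is what makes it a shared secret."""
    if key_bits not in (40, 128):
        raise ValueError("the page describes 40-bit and 128-bit keys only")
    stored_hash = hashlib.sha1(password.encode("utf-16-le")).digest()  # stand-in
    return stored_hash[: key_bits // 8]


def build_datagram(key: bytes, ppp_payload: bytes, call_id: int, seq: int,
                   coherency: int = 0) -> bytes:
    """IPv4 -> GRE -> PPP(0x00FD) -> MPPE header -> RC4(ppp_payload)."""
    encrypted = rc4(key, ppp_payload)
    mppe_hdr = struct.pack("!H", (MPPE_ENCRYPTED << 8) | (coherency & 0x0FFF))
    ppp = struct.pack("!H", PPP_PROTO_COMP) + mppe_hdr + encrypted
    # GRE with K and S bits set, version 1; key field = payload length + call ID
    gre = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp), call_id, seq)
    total = 20 + len(gre) + len(ppp)
    # Minimal IPv4 header, checksum left zero, constructed documentation addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + gre + ppp


def intercepted_view(datagram: bytes) -> dict:
    """What an observer without the key can read: every header, but not the payload."""
    ip, gre = datagram[:20], datagram[20:32]
    _flags, proto, length, call_id, seq = struct.unpack("!HHHHI", gre)
    ppp = datagram[32:32 + length]
    ppp_proto, mppe = struct.unpack("!HH", ppp[:4])
    return {
        "ip_proto": ip[9], "gre_proto": proto, "call_id": call_id, "seq": seq,
        "ppp_proto": ppp_proto, "encrypted": bool((mppe >> 8) & MPPE_ENCRYPTED),
        "opaque_payload": ppp[4:],
    }


def decrypt_payload(key: bytes, datagram: bytes) -> bytes:
    """The other end of the tunnel holds the same key and simply reverses the XOR."""
    return rc4(key, intercepted_view(datagram)["opaque_payload"])


def keystream_reuse_leak(known_plain: bytes, known_cipher: bytes, other_cipher: bytes) -> bytes:
    """General stream-cipher caveat: if two packets are encrypted from the start
    of the same keystream, one known plaintext recovers keystream that
    decrypts the other. Any RC4 deployment must avoid this by continuing the
    keystream or re-keying per packet."""
    ks = bytes(p ^ c for p, c in zip(known_plain, known_cipher))
    return bytes(c ^ k for c, k in zip(other_cipher, ks))
```

intercepted_view() returns exactly what the paragraph above says an interceptor gets: the IP protocol, the GRE protocol type, the call ID and sequence number, the PPP protocol field and the MPPE flags are all readable, and only the payload is opaque. keystream_reuse_leak() is a property of stream ciphers in general, not a statement about the RAS implementation; it is included because "one key for all data" only works when each packet continues the keystream or is re-keyed.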

Note: Users in the United States and Canada can obtain 128-bit session keys through a cryptography pack that is for use inside the US. Contact your Microsoft reseller for more information. A 128-bit key is beyond exhaustive search, but it is still derived from the password hash, so the dependence on password strength described above applies equally.