Data encryption

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Data encryption

You can think of encryption as locking something valuable into a strong box with a key. Sensitive data is encrypted by using an encryption algorithm and a key, which renders it unreadable without the knowledge of the key. Data encryption keys are determined at connect time between the connecting computers. The use of data encryption can be initiated by your computer or by the server you are connecting to.

Network Connections supports two types of encryption:

  • Microsoft MPPE, which uses RSA RC4 encryption.

  • An implementation of Internet Protocol security (IPSec) that uses Data Encryption Standard (DES) encryption.

Both MPPE and IPSec support multiple levels of encryption, as shown in the following table.

Encryption type Level of encryption supported

MPPE Standard

40-bit, 56-bit

MPPE Strong




IPSec Triple DES


For more information, see the following:


  • Server controls are flexible and can be set to deny the use of encryption, require a specific encryption strength, or allow your computer to select an encryption strength. By default, most servers allow encryption and allow clients to select their encryption methods. This works for most computers. A system administrator sets encryption requirements. To determine your options, contact your system administrator.

  • To enable MPPE-based data encryption for dial-up or virtual private network (VPN) connections, you must select the MS-CHAP, MS-CHAP┬áv2, or EAP-TLS authentication methods. These authentication methods generate the keys used in the encryption process.

  • Virtual Private Networks (VPNs) use encryption depending on the type of server they are connecting to. If the VPN connection is configured to connect to a PPTP server, then MPPE encryption is used. If the VPN is configured to connect to an L2TP server, then IPSec encryption methods are used. If the VPN is configured for an Automatic server type, which is the default selection, then L2TP, and its associated IPSec encryption, will be attempted first, then PPTP, and its associated MPPE encryption.