• hi,

    My understanding about these securities are software security patch on top of WEP hardware is WPA with TKIP encryption.  And with hardware enhancements and security enhancement WPA2 with AES encryption emerged.I have seen WPA - TKIP and WPA2 - TKIP, WPA-AES and WPA2-AES on few access points.  Please help me clear this concept.

  • Hi Yuva,

    I completely understand the confusion. Lets talk through this ..
    If you upgrade from WEP -- 
    You can in all likely hood support WPA-TKIP with a software upgrade on the device that supports WEP today. TKIP and WEP both use RC4. However, most hardware can not go from WEP to WAP2/AES because CCMP uses advanced encryption which requires a chip upgrade to support it ..
    WPA - (RC4) - (TKIP)WPA2 - (AES) - (CCMP)

    As to your question about the the security MIX. Standard tells us, WPA-TKIP and WPA2-CCMP. You will see a lot of vendors use WPA2-AES, when in fact, it really should be WPA-CCMP. But they mean the same thing. 
    As for mixing WPA-AES and WPA2-TKIP, this isnt standards based, BUT vendors on the client side and infrastructure side support it. This is why you see it ..
    Some clients like Apple devices have difficulty when they see WLAN security mixed like this. It is always best to keep with standards .. 

    Hope this helps ..

  • Thanks a lot for the info.

    I really want to know the internal operations of WPA-AES and WPA2-TKIP.  What is it that differentiates it from WPA-TKIP and WPA2-AES respectively.  Can you please clear me.

  • There isnt any difference from WPA vs WPA2. WPA is pre standard. WPA2 is based on standard 802.11i. If you looked at captures of both WPA and WPA2 they will be vert similar. 

    So think of WPA / WPA2 as authentication. You either have 802.1X or PSK. 
    I blogged about a lot of this here:

    TKIP / CCMP is encryption. I might suggest reading chapter 3 of the CWSP

Page 1 of 1
  • 1