• I have read this in a book:

    "The personal security model using WPA2 uses PSK as the authentication technology, like WPA. However, WPA2 personal security substitutes AES encryption instead of TKIP."

    It is my understanding that comparing AES to TKIP is wrong. One should compare TKIP with CCMP, then compare AES with RC4. Aren't TKIP and CCMP encryption protocols while AES and RC4 are considered encryption algorithms?

    One more quote from that same book that is not what I understand as well, it is in reference to WPA/WPA2 personal:

    "PSK keys are automatically changed(called rekeying) and authentication between devices after a specified period known as the rekey interval."

    Once again, it is my understanding that the PSK does not itself change. It is the temporal key or PTK that changes after the rekeying interval.

    Thanks in advance for clarification.

  • By (Deleted User)

    M/Q ,
    Your assessment looks correct .

    The migration of the security has been very much like PTK a experience,

    WPA uses TKIP:

    WPA2 uses CCMP:

    This from the Wi-Fi Alliance: glossary:


    Advanced Encryption Standard. The preferred standard for the encryption of commercial and government data using a symmetric block data encryption technique. It is used in the implementation of WPA2. (See 802.11i, WPA2).


    An encryption cipher designed RSA Data Security. It allows key lengths up to 1024 bits and is a component in many encryption schemes, including SSL, WEP, and TKIP. (See SSL, WEP, TKIP).


    Temporal Key Integrity Protocol. The wireless security encryption mechanism in Wi-Fi Protected Access. TKIP uses a key hierarchy and key management methodology that removes the predictability that intruders relied upon to exploit the WEP key. It increases the size of the key from 40 to 128 bits and replaces WEP's single static key with keys that are dynamically generated and distributed by an authentication server, providing some 500 trillion possible keys that can be used on a given data packet. It also includes a Message Integrity Check (MIC), designed to prevent an attacker from capturing data packets, altering them and resending them. By greatly expanding the size of keys, the number of keys in use, and by creating an integrity checking mechanism, TKIP magnifies the complexity and difficulty involved in decoding data on a Wi-Fi network. TKIP greatly increases the strength and complexity of wireless encryption, making it far more difficult-if not impossible-for a would-be intruder to break into a Wi-Fi network. (See AES, WPA, WPA2).


    A mechanism in Wi-Fi Protected Access (WPA)-Personal that allows the use of manually entered keys or passwords to initiate WPA security. The PSK is entered on the access point or home wireless gateway and each PC that is on the Wi-Fi network. After entering the password, Wi-Fi Protected Access automatically takes over. It keeps out eavesdroppers and other unauthorized users by requiring all devices to have the matching password.


    The password also initiates the encryption process which, in WPA is Temporal Key Integrity Protocol (TKIP)

    and in WPA2 is Advanced Encryption Standard (WPA2). (See TKIP, WPA-Personal, WPA2-Personal).

  • Thank you for your comments. I have just one question about this comment:

    "and in WPA2 is Advanced Encryption Standard (WPA2). (See TKIP, WPA-Personal, WPA2-Personal). "

    I still feel that you should substitute CCMP for AES in this comment based on the definitions you gave for RC4 and AES earlier in your post. I have to agree with the study guide on this as it is very firm in the need to separate the encryption algorithms from the encryption process.

    In my study, I have come across what I consider loose definitions and it further increases the complexity of a rather involved subject. One example I see quite often is WPA2 being used in place of 802.11i.

Page 1 of 1
  • 1