Quiz Entry - updated: 2026.07.14
What encryption protocols are used by WPA and WPA2, and how do TKIP and AES-CCMP differ?
WPA uses TKIP (improved RC4 with per-packet key changes). WPA2 uses AES-CCMP (block cipher with authenticated encryption). CCMP provides both confidentiality and integrity verification in a single operation.
* TKIP vs AES-CCMP. *
| Protocol | Used By | Cipher | Key Management | Integrity |
|---|---|---|---|---|
| TKIP | WPA | RC4 (same as WEP, but improved) | Key changes per-packet, 128-bit | Michael MIC (Message Integrity Check) |
| AES-CCMP | WPA2 | AES (Advanced Encryption Standard) | 128-bit keys, counter mode | CBC-MAC provides integrity |
TKIP (Temporal Key Integrity Protocol):
- Designed as a temporary upgrade for WEP-era hardware
- Still uses RC4 internally but with critical improvements: per-packet key mixing, longer IV, sequence counter
- Encrypts the Layer 2 payload while maintaining WEP-compatible frame format
- Deprecated — no longer considered secure for new deployments
AES-CCMP (Counter Mode with CBC-MAC Protocol):
- Uses the AES block cipher — considered the gold standard of symmetric encryption
- CCM mode combines:
- Counter mode: Encryption — turns AES into a stream cipher for arbitrary-length data
- CBC-MAC: Authentication — verifies data integrity, detects if encrypted or unencrypted bits were altered
- Destination hosts can verify that the encrypted data hasn't been tampered with — providing both confidentiality and integrity
Tip: If a network offers both TKIP and AES, always select AES. Many older devices still support TKIP for backward compatibility, but using it weakens your security.
Go deeper:
CCMP (cryptography) (Wikipedia) — AES-CCM authenticated encryption of WPA2 contrasted with the older RC4-based TKIP.