LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What encryption protocols are used by WPA and WPA2, and how do TKIP and AES-CCMP differ?

WPA uses TKIP (improved RC4 with per-packet key changes). WPA2 uses AES-CCMP (block cipher with authenticated encryption). CCMP provides both confidentiality and integrity verification in a single operation.

TKIP (RC4, Michael MIC, deprecated) vs AES-CCMP (AES counter mode + CBC-MAC).

* TKIP vs AES-CCMP. *

Protocol Used By Cipher Key Management Integrity
TKIP WPA RC4 (same as WEP, but improved) Key changes per-packet, 128-bit Michael MIC (Message Integrity Check)
AES-CCMP WPA2 AES (Advanced Encryption Standard) 128-bit keys, counter mode CBC-MAC provides integrity

TKIP (Temporal Key Integrity Protocol):

  • Designed as a temporary upgrade for WEP-era hardware
  • Still uses RC4 internally but with critical improvements: per-packet key mixing, longer IV, sequence counter
  • Encrypts the Layer 2 payload while maintaining WEP-compatible frame format
  • Deprecated — no longer considered secure for new deployments

AES-CCMP (Counter Mode with CBC-MAC Protocol):

  • Uses the AES block cipher — considered the gold standard of symmetric encryption
  • CCM mode combines:
    • Counter mode: Encryption — turns AES into a stream cipher for arbitrary-length data
    • CBC-MAC: Authentication — verifies data integrity, detects if encrypted or unencrypted bits were altered
  • Destination hosts can verify that the encrypted data hasn't been tampered with — providing both confidentiality and integrity

Tip: If a network offers both TKIP and AES, always select AES. Many older devices still support TKIP for backward compatibility, but using it weakens your security.

Go deeper:

From Quiz: NETW2 / WLAN Concepts | Updated: Jul 14, 2026