Wi-Fi Protected Access (WPA), which is based on a subset of the then-current 802.11i draft.
WPA was carefully designed so that hardware upgrades would not be needed. The processing power of many early access points (APs) was quite limited. The RC4 cipher was chosen for WEP because it does not require a powerful CPU. WPA retains the use of RC4 but adds features designed to address the deficiencies in the way that WEP uses the cipher:
1. Stronger authentication: An 802.1x server, such as a Radius server, can be used to authenticate users individually.
2. A longer key: WPA lengthens the Initialization Vector (IV) to 48 bits and the master key to 128 bits.
3. Temporal Key Integrity Protocol (TKIP) generates different keys for each client and alters keys for each successive packet.
4. A message integrity code (MIC), or cryptographic checksum, verifies that messages have not been altered in transit and protects against replay attempts.
WPA can be used in either of two modes: Personal or Enterprise.
Personal mode: This utilizes manually configured keys in the same manner as WEP. All clients use the same initial master key.
Enterprise mode: The AP uses Extensible Authentication Protocol (EAP) to negotiate a pair-wise master key with each client individually. The AP then verifies the identity of the client with an 802.1x server. The result is that each client that is permitted to use the network is validated against information configured in the 802.1x server and uses a key different from the keys used by other clients.
