Since the original WEP definition specified a fixed key length of 40 bits, the only option when a client associated at an AP was whether encryption should be used or not. Key lengths exceeding 40 bits require the key length to be announced. WPA provides a mechanism with which client and AP can agree on the encryption and authentication procedures to be used. The following information is made available:
- A list of encryption methods which the AP provides for the pairwise key—here, WEP is explicitly disallowed.
- A list of authentication methods a client may use to show itself to the WLAN as authorized for access—available methods include EAP/802.1X or PSK.
As mentioned, the original WPA standard specifies only TKIP/Michael as an improved encryption method. With the further development of the 802.11i standard, the AES/CCM method described below was added. In a WPA network it is now possible for some clients to communicate with the AP using TKIP, while other clients use AES.
