As clarified in the last section, the WEP algorithm is flawed and insecure in principle; the measures taken so far were largely either 'quick fixes' with limited improvement, or so complicated that they were basically impractical for home use or smaller installations.
After the problems with WEP became public knowledge, the IEEE began with the development of the standard IEEE 802.11i. As an interim solution, the Wi-Fi Alliance defined the Wi-Fi Protected Access (WPA) 'standard'. WPA uses the following changes:
- TKIP and Michael as replacement for WEP
- A standardized handshake procedure between client and AP for determination/transmission of the session key.
- A simplified procedure for deriving the Master Secret mentioned in the last section, which can be performed without a RADIUS server.
- Negotiation of encryption procedure between AP and client.
Encryption makes use of components familiar from WEP but benefits from decisive improvements with the "Michael hash" from improved encryption and the TKIP method for calculation of the RC4 key. Furthermore, the internally incremented IV transmitted in cleartext in the packet is 48 bits long instead of 24--thus the problem with the repeating IV value is practically excluded.
As a further detail, TKIP also mixes the MAC address of the sender into the calculation of the key. This ensures that the use of identical IVs by different senders cannot lead to identical RC4 keys and thus again to attack possibilities.
The Michael hash does not, however, represent a particularly tough cryptographic hurdle: If the attacker can break the TKIP key or get encrypted packets past the CRC check via modifications similar to those for WEP, then not many barriers remain. For this reason, WPA defines countermeasures if a WLAN module detects more than two Michael errors per minute: Both the client and the AP break data transfer off for one minute, afterwards renegotiating the TKIP and Michael keys.