Configuring User Encryption 195

WPA Cipher Suites

WPA supports the following cipher suites for packet encryption, listed from most secure to least secure:

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)—CCMP provides Advanced Encryption Standard (AES) data encryption. To provide message integrity, CCMP uses the Cipher Block Chaining Message Authentication Code (CBC-MAC).

Temporal Key Integrity Protocol (TKIP)—TKIP uses the RC4 encryption algorithm, a 128-bit encryption key, a 48-bit initialization vector (IV), and a message integrity code (MIC) called Michael.

Wired Equivalent Privacy (WEP) with 104-bit keys—104-bit WEP uses the RC4 encryption algorithm with a 104-bit key.

WEP with 40-bit keys—40-bit WEP uses the RC4 encryption algorithm with a 40-bit key.

You can configure AP access ports to support one or more of these cipher suites. For all of these cipher suites, WSS Software dynamically generates unique session keys for each session. WSS Software periodically changes the keys to reduce the likelihood that a network intruder can intercept enough frames to decode a key.

Nortel WLAN Security Switch 2300 Series Configuration Guide

Page 195
Image 195
Nortel Networks 2300 manual WPA Cipher Suites