Wi-Fi Protected Access (WPA) is a mechanism for securing Wi-Fi (802.11 wireless Ethernet) networks. WPA is a replacement for Wired Equivalent Privacy (WEP), which includes a number of well-known weaknesses. The WPA specification was created by the Wi-Fi Alliance, an industry trade group which owns the trademark to the Wi-Fi name and which certifies Wi-Fi-compliant devices (access points, PC Card adapters, etc.).

WPA is designed for use with an 802.1X authentication server, which distributes unique encryption keys to each connected user. WPA can also be used with the less secure pre-shared key (PSK) mode. Data is encrypted using the RC4 stream cipher, using 128-bit key and a 48-bit initialization vector (IV).

The two most significant improvements in WPA, relative to WEP, are the larger 48-bit initialization vector (vs 24-bit in WEP), and the use of Temporal Key Integrity Protocol (TKIP), which dynamically changes encryption keys during a Wi-Fi session.

In addition to improved encryption and authentication, WPA also provides greatly improved message integrity. WEP's Cyclic Redundancy Check (CRC) is not nearly so secure as WPA's Message Integrity Check (MIC). The frame counter in MIC also effectively blocks replay attacks.

More information about WPA may be found at:

The Wi-Fi Alliance’s Home page

The Wi-Fi Alliance’s WPA page

The Wi-Fi Alliance’s EAP page

 ^{- gc/wa}