What is the difference between WPA2, WPA, WEP, AES and TKIP?

Just about everywhere you go these days, there is a Wi-Fi network that you can connect to. Whether at home, in the office or in the local coffee shop, there is a plethora of Wi-Fi networks. Every Wi-Fi network is set up with some sort of network security, either open to access for everyone or extremely restricted where only certain clients can connect.

When it comes to Wi-Fi security, there are really only a few options you have, especially if you’re setting up a wireless home network. Today’s three major security protocols are WEP, WPA, and WPA2. The two major algorithms used in these protocols are TKIP and AES with CCMP. Below I will explain some of these concepts in more detail.

Which security option to choose?

If you’re not interested in all the technicalities behind each of these protocols and just want to know which one to select for your wireless router, check out the list below. It is ranked from most secure to least secure. The safer the option you can choose, the better.

If you are not sure if some of your devices can connect using the safest method then I suggest you enable it then check if there are any issues. I thought several devices wouldn’t support the highest encryption, but was surprised to find that they connected just fine.

  1. WPA2 Enterprise (802.1x RADIUS)
  5. WE P
  6. Open (no security)

It is worth noting that WPA2 Enterprise does not use pre-shared keys (PSK), but instead uses the EAP protocol and requires a backend RADIUS server for authentication with a username and password. The PSK you see with WPA2 and WPA is actually the wireless network key that you must enter when you first connect to a wireless network.

WPA2 Enterprise is much more complex to set up and is usually only done in corporate environments or in homes with highly tech savvy owners. In practice, you can only choose from options 2 through 6, although most routers now don’t even have an option for WEP or WPA TKIP anymore because they are insecure.

WEP, WPA and WPA2 Overview

I’m not going to go into too much technical detail about each of these protocols as you could easily google them for a lot more information. Basically, wireless security protocols emerged from the late 1990s and have evolved since then. Fortunately, only a handful of protocols were accepted and therefore it is much easier to understand.


WEP or Wired Equivalent Privacy was released in 1997 along with the 802.11 wireless networking standard. It was supposed to provide confidentiality equivalent to wired networks (hence the name).

WEP started with 64-bit encryption and eventually went all the way up to 256-bit encryption, but the most popular implementation in routers was 128-bit encryption. Unfortunately, soon after WEP was introduced, security researchers discovered several vulnerabilities that allowed them to crack a WEP key within minutes.

Even with upgrades and fixes, the WEP protocol remained vulnerable and easy to penetrate. In response to these issues, the WiFi Alliance introduced WPA or WiFi Protected Access, which was adopted in 2003.


WPA was actually meant to be a workaround until they were able to complete WPA2, which was introduced in 2004 and is now the standard in use today. WPA used TKIP or Temporal Key Integrity Protocol as a way to ensure message integrity. This was different from WEP, which used CRC or Cyclic Redundancy Check. TKIP was much stronger than CRC.

Unfortunately, to keep everything compatible, the WiFi Alliance borrowed some aspects of WEP, making WPA with TKIP insecure as well. WPA included a new feature called WPS (WiFi Secure Setup), which was supposed to make it easier for users to connect devices to the wireless router. However, it had vulnerabilities that allowed security researchers to crack a WPA key in a short time as well.


WPA2 became available way back in 2004 and was officially mandated in 2006. The biggest change between WPA and WPA2 was the use of the AES encryption algorithm with CCMP instead of TKIP.

In WPA, AES was optional, but in WPA2, AES is required and TKIP is optional. In terms of security, AES is much more secure than TKIP. Some issues have been found in WPA2, but these are only issues in corporate environments and do not apply to home users.

WPA uses a 64-bit or 128-bit key, the most common being 64-bit for home routers. WPA2-PSK and WPA2-Personal are interchangeable terms.

So if you need to remember any of this, it’s this: WPA2 is the most secure protocol and AES with CCMP is the most secure encryption. In addition, WPS should be disabled as it is very easy to hack and capture the router PIN, which can then be used to connect to the router. If you have any questions, feel free to comment. Enjoying!

Leave a Reply

Your email address will not be published.