Hacked Wi-Fi security standard faces axe

Corporate fears about wireless local area network (Lan) security may be quelled by the Wi-Fi Alliance's decision to improve security and encryption interoperability for a number of 802.11 products.

The Wi-Fi Protected Access (WPA) standard is designed to replace the Wireless Equivalent Privacy (Wep) security protocol, which tests have shown is far too easy to hack.

WPA fixes Wep's cryptographic weaknesses through the use of Temporal Key Integrity Protocol.

This assigns different encryption keys for each packet of data transmitted, as well as carrying out integrity checks and authentication.

WPA will now be integrated as standard into many new wireless Lan products, and vendors said that they will add WPA upgrades to their 802.11 kit.

However, the WPA standard is only one part of the Institute of Electrical and Electronics Engineers' broader 802.11i specification, which is to be ratified in the summer.

Many companies may wait for this before investing in new wireless Lan equipment.

"WPA is certainly a possible option for securing wireless Lans, but some organisations might prefer to wait for 802.11i since it incorporates the Advanced Encryption Standard scheme," said Angelo Lamme, product marketing manager at 3Com's wireless connectivity division.

Companies not wanting to wait for 802.11i should make sure that any WPA-enabled equipment they buy now will be hardware upgradable to 802.11i at a later date.