802.11 Encryption Modes

NDIS defines three types of encryption modes that can be enabled or disabled on the 802.11 device. The miniport driver's encryption mode is queried or set through OID_802_11_ENCRYPTION_STATUS.

Encryption modes define the set of cipher suites that can be enabled on the 802.11 device:

  • Encryption1
    WEP encryption is supported and enabled on the device. The device either does not support TKIP and AES, or these cipher suites are disabled.

  • Encryption2
    WEP and TKIP encryption are supported and enabled on the device. The device either does not support AES or this cipher suite is disabled.

  • Encryption3
    WEP, TKIP, and AES encryption are supported and enabled on the device.

    To support Encryption3, miniport drivers must support the AES-CCMP algorithm. Miniport drivers that support other variants of the AES cipher suite must return NDIS_STATUS_NOT_SUPPORTED in response to a setting of OID_802_11_ENCRYPTION_STATUS that specifies Encryption3.

Cipher suites within an encryption mode are ranked based on security preference as follows:

  • AES (most secure)

  • TKIP

  • WEP (least secure)

 

 

Send comments about this topic to Microsoft