The 802.11i security standard, also known as WPA2, is expected to be ratified in June. However, while the vendor-backed Wi-Fi Alliance has warned that the stronger cryptography may force users to buy new access points and cards, others say that canny users can keep their existing kit if they find the firmware upgrades.

The security standard brings AES, the 128-bit Advanced Encryption Standard to Wi-Fi networks for the first time. AES, a US government procurement standard defined in FIPS (Federal Information Processing Standard) 140-2, gives businesses the kind of strong encryption and sophisticated ciphers they have been asking for. However, it will also require new access cards and in many cases new APs (access points), according to Frank Hanzlik, managing director of the Wi-Fi Alliance.

Current processors in Wi-Fi cards and in many APs are not powerful enough to encrypt and decrypt 128-bit ciphers, says Hanzlik: "Because WPA2 uses AES at its core, it requires an upgrade to support the co-processing needed." The Wi-Fi Alliance refers to 802.11i as WPA2, in reference to its interim standard, WPA.

The possibility that WPA would need a hardware change has been suggested since at least January (see our feature), but may turn out not be such a widespread problem as has been feared. According to Wi-Fi Networking News almost all Wi-Fi equipment in use will support 802.11i with the right firmware upgrades.

"If you hunt, you can find firmware updates for almost all 802.11b devices ever produced," said Glenn Fleishman, editor of Wi-Fi Networking News. "Virtually all Wi-Fi chips shipped since the end of 2002 (including virtually all 802.11g chips) contain the processing core and other elements necessary to handle AES… AES is baked in and just ready for ratification to activate."

A spokesperson for Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required and will be available free immediately after ratification by the IEEE of the 802.11i standard. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

Karen Pearson, principal marketing manager for wireless products at Intermec Technology, said current WA 21 and WA 22 access points with dual b/g radios will need to be upgraded. A radio module that has the AES encryption chip on it will be available in the late second quarter. In September, a software upgrade that is also required will be available.

Ed Casas, chief architect at Vivato, said the current base station, the Vivato Wi-Fi Switch, has an AES encryption co-processor built in. However, the software for AES is not available and there is no time commitment from the company when it will be available. The next generation product, the VP 2200 base station, will be both 802.11b/g-compatible and will have both hardware and software compatibility with AES.

An Intel spokesperson said its current Centrino processors are compatible with AES. However, AES does require a software upgrade that will be available in the second half of 2004. Also, only Intel dual APs, 802.11/bg will support AES.