Yes, we support both WPA/TKIP and WPA2/AES due to legacy devices. We also still have an open network (web redirect) for guests and devices that do not support 802.1x. The majority of our users are on the 802.1x network (96%) and the majority on that network are using WPA2 (94%) -- around 10K simultaneous on a weekday, ~50K total. Our configuration software prefers WPA2, as do most clients, and WPA2 is our recommendation to users. We had a project a year and half ago to try and move most of campus to WPA2.
As I understand it the attack is not trivial to perform, however WPA/TKIP should be on the way out. At the same time, because we still allow open access we would rather have someone's traffic encrypted with something that could be broken than in the clear on an open network that doesn't need to be broken. In light of this article I’m wondering if anyone is still sticking with TKIP (for legacy system issues I would guess) as opposed to using AES solely? http://www.idgconnect.com/index.cfm?event=showarticle&cid=116&pk=9433 -- William C. Green e-mail: [email protected]<mailto:[email protected]> Director, Networking phone: +1 512-475-9295 ITS (Information Technology Services) fax: +1 512-471-2449 University of Texas 1 University Station Stop C3800 Austin, TX 78712 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
