Lightweight Extensible Authentication Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 04:17, 3 February 2008 edit 216.166.78.9 (talk) No edit summary ← Previous edit		Latest revision as of 10:50, 18 March 2022 edit undo Sauer202 (talk \| contribs) Extended confirmed users 21,356 edits No edit summary
(28 intermediate revisions by 21 users not shown)
Line 1: ~~The~~ '''Lightweight Extensible Authentication Protocol''' ('''LEAP''') is a proprietary wireless LAN authentication method developed by [[Cisco Systems]]. Important features of LEAP are dynamic [[Wired Equivalent Privacy\|WEP]] keys and [[mutual authentication]] (between a wireless client and a [[RADIUS]] server). LEAP allows for clients to ~~reauthenticate~~re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). ~~----------~~LEAP may be configured to use TKIP instead of dynamic WEP. Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program.<ref>{{cite web\|title=Cisco Compatible Extensions Program\|url= http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html \|publisher= Cisco \|accessdate=2008-02-22}}</ref> An unofficial description of the protocol is available.<ref>{{cite web \|last1=MacNally \|first1=Cameron \|title=Cisco LEAP protocol description \|url=http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archiveurl=https://web.archive.org/web/20070623090417/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archivedate=23 June 2007 \|date=6 September 2001 \|access-date=11 August 2019 \|url-status=dead }}</ref> == Security Considerations ==▼ LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)\|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's [http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml response] to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security. Automated tools like [http://asleap.sourceforge.net/ ASLEAP] demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.▼ ▲== Security ~~Considerations~~considerations == ~~==External links==~~ ▲Cisco LEAP, similar to [[Wired Equivalent Privacy\|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web\| title = Cisco LEAP dictionary password guessing\|url=http://xforce.iss.net/xforce/xfdb/12804\|publisher= ISS \|accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)\|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's ~~[http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml~~ response] to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web\|title=Cisco ~~Automated~~Security ~~tools~~Notice: ~~like~~Dictionary [Attack on Cisco LEAP Vulnerability \|url=http://~~asleap~~www.~~sourceforge~~cisco.~~net~~com/warp/public/707/cisco-sn-20030802-leap.shtml \|publisher=Cisco \|accessdate=2008-02-22 \|url-status=dead \|archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml \|archivedate=2008-05-09 }}</ref> Automated tools like ASLEAP] demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web\|title=asleap\|url= http://www.willhackforsushi.com/?page_id=41\| publisher= Joshua Wright \| accessdate = 2018-01-09}}</ref> *[http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html Cisco Compatible Extensions Program] == References == {{Reflist}} [[Category:Cisco protocols]]▼ ~~{{Compu-network-stub}}~~ ~~{{Crypto-stub}}~~ ~~{{Wireless-stub}}~~ [[Category:Wireless networking]] ▲[[Category:Cisco protocols]] ~~[[de:Lightweight Extensible Authentication Protocol]]~~