Lightweight Extensible Authentication Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:13, 12 February 2008 edit 128.164.132.33 (talk) No edit summary ← Previous edit		Latest revision as of 10:50, 18 March 2022 edit undo Sauer202 (talk \| contribs) Extended confirmed users 21,356 edits No edit summary
(27 intermediate revisions by 20 users not shown)
Line 1: ~~The~~ '''Lightweight Extensible Authentication Protocol''' ('''LEAP''') is a proprietary wireless LAN authentication method developed by [[Cisco Systems]]. Important features of LEAP are dynamic [[Wired Equivalent Privacy\|WEP]] keys and [[mutual authentication]] (between a wireless client and a [[RADIUS]] server). LEAP allows for clients to ~~reauthenticate~~re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program.<ref>{{cite web\|title=Cisco Compatible Extensions Program\|url= http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html \|publisher= Cisco \|accessdate=2008-02-22}}</ref> == Security Considerations ==▼ LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)\|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's [http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml response] to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security. Automated tools like [http://asleap.sourceforge.net/ ASLEAP] demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.▼ An unofficial description of the protocol is available.<ref>{{cite web \|last1=MacNally \|first1=Cameron \|title=Cisco LEAP protocol description \|url=http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archiveurl=https://web.archive.org/web/20070623090417/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archivedate=23 June 2007 \|date=6 September 2001 \|access-date=11 August 2019 \|url-status=dead }}</ref> ~~==External links==~~ *[http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html Cisco Compatible Extensions Program] ▲== Security ~~Considerations~~considerations == ▲Cisco LEAP, similar to [[Wired Equivalent Privacy\|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web\| title = Cisco LEAP dictionary password guessing\|url=http://xforce.iss.net/xforce/xfdb/12804\|publisher= ISS \|accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)\|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's ~~[http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml~~ response] to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web\|title=Cisco ~~Automated~~Security ~~tools~~Notice: ~~like~~Dictionary [Attack on Cisco LEAP Vulnerability \|url=http://~~asleap~~www.~~sourceforge~~cisco.~~net~~com/warp/public/707/cisco-sn-20030802-leap.shtml \|publisher=Cisco \|accessdate=2008-02-22 \|url-status=dead \|archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml \|archivedate=2008-05-09 }}</ref> Automated tools like ASLEAP] demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web\|title=asleap\|url= http://www.willhackforsushi.com/?page_id=41\| publisher= Joshua Wright \| accessdate = 2018-01-09}}</ref> == References == {{Reflist}} [[Category:Cisco protocols]]▼ ~~{{Compu-network-stub}}~~ ~~{{Crypto-stub}}~~ ~~{{Wireless-stub}}~~ [[Category:Wireless networking]] ▲[[Category:Cisco protocols]] ~~[[de:Lightweight Extensible Authentication Protocol]]~~