Lightweight Extensible Authentication Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 00:43, 26 November 2005 edit Vanished user kjdioejh329io3rksdkj (talk \| contribs) 399 edits Changing encryption to authentication ← Previous edit		Latest revision as of 10:50, 18 March 2022 edit undo Sauer202 (talk \| contribs) Extended confirmed users 21,356 edits No edit summary
(43 intermediate revisions by 31 users not shown)
Line 1: ~~The~~ '''Lightweight Extensible Authentication Protocol''' ('''LEAP''') is a proprietary wireless LAN authentication method developed by [[Cisco Systems]]. Important features of LEAP are dynamic [[Wired Equivalent Privacy\|WEP]] keys and ~~mutual~~ [[mutual authentication]] (between a wireless client and a [[RADIUS]] server). LEAP allows for clients to ~~reauthenticate~~re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough ~~not~~ to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program.<ref>{{cite web\|title=Cisco Compatible Extensions Program\|url= http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html \|publisher= Cisco \|accessdate=2008-02-22}}</ref> An unofficial description of the protocol is available.<ref>{{cite web \|last1=MacNally \|first1=Cameron \|title=Cisco LEAP protocol description \|url=http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archiveurl=https://web.archive.org/web/20070623090417/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt \|archivedate=23 June 2007 \|date=6 September 2001 \|access-date=11 August 2019 \|url-status=dead }}</ref> == Security considerations == Cisco LEAP, similar to [[Wired Equivalent Privacy\|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web\| title = Cisco LEAP dictionary password guessing\|url=http://xforce.iss.net/xforce/xfdb/12804\|publisher= ISS \|accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)\|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web\|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability \|url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml \|publisher=Cisco \|accessdate=2008-02-22 \|url-status=dead \|archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml \|archivedate=2008-05-09 }}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web\|title=asleap\|url= http://www.willhackforsushi.com/?page_id=41\| publisher= Joshua Wright \| accessdate = 2018-01-09}}</ref> == References == {{Reflist}} [[Category:Cisco protocols]] [[Category:Wireless networking]]