Revision as of 01:32, 19 February 2007 edit Tmalcomv (talk \| contribs) 5 edits No edit summary ← Previous edit		Revision as of 01:35, 19 February 2007 edit undo Tmalcomv (talk \| contribs) 5 edits →Security Considerations Next edit →
Line 5: == Security Considerations == LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's [http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml ~~Cisco~~response] ~~responded~~ to the weaknesses of LEAP ~~by suggesting~~suggests that network administrators ~~should~~either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security. Automated tools like [http://asleap.sourceforge.net/ ASLEAP] demonstronstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.

Lightweight Extensible Authentication Protocol: Difference between revisions