Re: LEAP, the saga continues

[Dan Williams <dcbw redhat com>]

On Fri, 2007-07-13 at 19:19 -0400, Darren Albers wrote:
> I think Cisco is just acknowledging the obvious and longstanding
> weaknesses in LEAP and is doing the right thing and advising their
> customers to move to PEAP which works the same from the users
> prospective.

LEAP has been steadily going away for a long time, because there are
well-known exploitable vulnerabilities (dictionary attacks on your
password) that have been around for at least 3 or 4 years.  LEAP hasn't
been considered secure for a long time.  Dynamic WEP with 802.1x is
actually better, but only if you change your WEP key really often.

LEAP also sucks because you can't know whether or not an AP supports it
from the beacon, which is what WPA[2] fixes quite nicely.

Dan

> On 7/13/07, Aaron Konstam <akonstam sbcglobal net> wrote:
> >                                 After all this falderall to get LEAP
> >                                 working in NM I was informed today that
> >                                 CISCO is not sure it wants to ocntinue
> >                                 to support LEAP so people are going to
> >                                 PEAP or is it PEEP.
> >
> > Well as we know in computer things change fast. What a bummer.
> > --
> > =======================================================================
> > Intolerance is the last defense of the insecure.
> > =======================================================================
> > Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam sbcglobal net
> >
> > _______________________________________________
> > NetworkManager-list mailing list
> > NetworkManager-list gnome org
> > http://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list