Re: LEAP, and other EAPs.

[Aaron Konstam <akonstam sbcglobal net>]

On Sun, 2007-07-15 at 09:14 -0400, Dan Williams wrote:
> On Fri, 2007-07-13 at 19:19 -0400, Darren Albers wrote:
> > I think Cisco is just acknowledging the obvious and longstanding
> > weaknesses in LEAP and is doing the right thing and advising their
> > customers to move to PEAP which works the same from the users
> > prospective.
> 
> LEAP has been steadily going away for a long time, because there are
> well-known exploitable vulnerabilities (dictionary attacks on your
> password) that have been around for at least 3 or 4 years.  LEAP
> hasn't
> been considered secure for a long time.  Dynamic WEP with 802.1x is
> actually better, but only if you change your WEP key really often.
> 
> LEAP also sucks because you can't know whether or not an AP supports
> it
> from the beacon, which is what WPA[2] fixes quite nicely. 


The above sort of misses several points. One does not have the power to
decide what authorization method an access point supplier uses. I use
LEAP because that is what the University I was contacting uses.

Second, if NM advertises it supports LEAP it should support LEAP. Until
last week it did not at least on Fedora 7.

Third, I am now informed that NM supports PEAP and other EAPs. Does it?
Has anyone actually tried it? I hope so. In addition this ability is
pretty well hidden in the lists of options that nm-applet displays. I
would probably not have found it if Darren Albers had showed me how.


--
=======================================================================
It's not hard to admit errors that are [only] cosmetically wrong. --
J.K. Galbraith
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam sbcglobal net