
Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. Some third-party vendors also support LEAP through the Cisco Compatible Extensions Program. An unofficial description of the protocol is available.


Security considerations

Cisco LEAP, similar to WEP, has had well-known security weaknesses since 2003 involving offline password cracking. LEAP uses a modified version of MS-CHAP, an authentication protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a salt to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated passwords or move to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security. Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.
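
Before moving clients off LEAP, an administrator needs to know which ones still use it. The following added example (not part of the original article) classifies EAP packets by method type to list those clients. It assumes the RFC 3748 packet layout and the IANA EAP type numbers (17 for LEAP, 43 for EAP-FAST), neither of which is stated above; the client addresses and payload bytes are constructed.

```python
import struct

# EAP method type numbers per the IANA EAP registry (not stated in the article).
EAP_TYPES = {13: "EAP-TLS", 17: "LEAP", 25: "PEAP", 43: "EAP-FAST"}
REQUEST, RESPONSE = 1, 2

def parse_eap(packet: bytes):
    """Return (code, identifier, type) for one EAP packet (RFC 3748 layout).
    type is None for Success/Failure packets, which have no Type field."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not match packet size")
    if code in (REQUEST, RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        return code, ident, packet[4]
    return code, ident, None

def audit(frames):
    """frames: iterable of (client, eap_bytes).
    Returns (methods per client, sorted clients seen with LEAP, malformed count)."""
    methods, malformed = {}, 0
    for client, raw in frames:
        try:
            _, _, mtype = parse_eap(raw)
        except ValueError:
            malformed += 1
            continue
        # Types 1-3 (Identity, Notification, Nak) are not authentication methods.
        if mtype is not None and mtype >= 4:
            methods.setdefault(client, set()).add(EAP_TYPES.get(mtype, f"type-{mtype}"))
    leap = sorted(c for c, m in methods.items() if "LEAP" in m)
    return methods, leap, malformed

def eap(code, ident, mtype, data=b""):
    """Build a constructed EAP Request/Response for the sample below."""
    return struct.pack("!BBH", code, ident, 5 + len(data)) + bytes([mtype]) + data

# Constructed sample: addresses and payload bytes are placeholders, not real captures.
SAMPLE = [
    ("00:00:5e:00:53:01", eap(RESPONSE, 1, 1, b"alice")),     # Identity
    ("00:00:5e:00:53:01", eap(REQUEST, 2, 17, b"\x00" * 8)),  # LEAP
    ("00:00:5e:00:53:02", eap(REQUEST, 1, 43, b"\x00")),      # EAP-FAST
    ("00:00:5e:00:53:03", b"\x01\x01\x00"),                   # truncated header
    ("00:00:5e:00:53:02", struct.pack("!BBH", 3, 2, 4)),      # Success, no Type
]

if __name__ == "__main__":
    methods, leap, malformed = audit(SAMPLE)
    print("LEAP clients:", leap, "| malformed:", malformed)
```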

