HOME

TheInfoList



Click Here for Items Related To - Lightweight Extensible Authentication Protocol
OR:
Lightweight Extensible Authentication Protocol on:   [Wikipedia]   [Google]   [Amazon]

Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by
Cisco Systems Cisco Systems, Inc. (using the trademark Cisco) is an American multinational corporation, multinational digital communications technology conglomerate (company), conglomerate corporation headquartered in San Jose, California. Cisco develops, m ...
. Important features of LEAP are dynamic WEP keys and
mutual authentication Mutual authentication or two-way authentication (not to be confused with two-factor authentication) refers to two parties authenticating each other at the same time in an authentication protocol. It is a default mode of authentication in some prot ...
(between a wireless client and a
RADIUS In classical geometry, a radius (: radii or radiuses) of a circle or sphere is any of the line segments from its Centre (geometry), center to its perimeter, and in more modern usage, it is also their length. The radius of a regular polygon is th ...
server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program. An unofficial description of the protocol is available.


Security considerations

Cisco LEAP, similar to WEP, has had well-known security weaknesses since 2003 involving offline
password cracking In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an availab ...
. LEAP uses a modified version of
MS-CHAP MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP). Versions The protocol exists in two versions, MS-CHAPv1 (defined in ) and MS-CHAPv2 (defined in ). MS-CHAPv2 was introduced with pptp3-fix that was in ...
, an
authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In contrast with iden ...
protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a
salt In common usage, salt is a mineral composed primarily of sodium chloride (NaCl). When used in food, especially in granulated form, it is more formally called table salt. In the form of a natural crystalline mineral, salt is also known as r ...
to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated
passwords A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services ...
or move to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security. Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.


References

{{Reflist Cisco protocols Wireless networking