Security Basics mailing list archives
RE: LEAP + RADIUS
From: "Storch, Beau" <Beau.Storch () cshs org>
Date: Fri, 6 Jun 2003 09:49:02 -0700
Yes you are correct. Except that I've read to have the key regenerated every 8 minutes, unless you are using TKIP. If you are using TKIP you should change your key regeneration to 4 hours and 40 minutes, per Cisco -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Friday, June 06, 2003 9:01 AM To: 'Leopoldo Dato'; security-basics () securityfocus com Subject: RE: LEAP + RADIUS
-----Original Message----- From: Leopoldo Dato [mailto:ldato () shaw ca] Sent: June 4, 2003 19:11 To: security-basics () securityfocus com Subject: LEAP + RADIUS Informations on how test the vulnerability of a wireless network using LEAP + RADIUS server?
So far as I understand it, LEAP requires RADIUS to operate. What it does is change the WEP key about every 15 minutes. So if a WLAN is using LEAP, it must be using WEP. It should be no more vulnerable than a WLAN not using WEP, and it should be secure against any WEP-cracking utility that doesn't come up with the key in 15 minutes or less. (Vulnerabilities not associated with WEP are not going to be fixed by LEAP, so testing for them is going to be the same as if LEAP were not being used.) David Gillett --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- LEAP + RADIUS Leopoldo Dato (Jun 06)
- RE: LEAP + RADIUS David Gillett (Jun 06)
- <Possible follow-ups>
- RE: LEAP + RADIUS Storch, Beau (Jun 06)