Dailydave mailing list archives
Re: SILICA, hashes, etc
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 8 Feb 2007 17:05:59 -0500
One of our early adopters has a CISCO Leap network and I remember reading
of a simple algorithmic crack
for the authentication....has anyone tested it?
LEAP uses MS-CHAPv1 (PPTP circa NT4), which sends the LANMan v1 hash otherwise in the clear. LEAP doesn't actually introduce any new security problems, it just reuses old ones. The debate over what to use for wireless security should be old by now. XP-SP1 and Cisco firmware updates should eliminate the need for substandard third-party supplicants that use substandard third-party crypto. But if there's one thing Cisco's not good at, it's walking away from its own ideas. PaulM _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- SILICA, hashes, etc Dave Aitel (Feb 07)
- Re: SILICA, hashes, etc Thierry Zoller (Feb 08)
- Re: SILICA, hashes, etc Darren Spruell (Feb 08)
- Re: SILICA, hashes, etc Paul Melson (Feb 08)
- Re: SILICA, hashes, etc Thierry Zoller (Feb 08)