Re: SILICA, hashes, etc

["Darren Spruell" <phatbuckett () gmail com>]

On 2/8/07, Thierry Zoller <Thierry () zoller lu> wrote:
> Dear Dave,
>
> DA> One of our early adopters has a CISCO Leap network and I
> DA> remember reading of a simple algorithmic crack for the
> DA> authentication....has anyone tested it?
>
> Asleap - Joshua Wright
> The funny thing is, although Cisco knows it's broken they continue to
> use it in new products.

Another funny thing is, if you confront any Cisco engineer about
LEAP's insecurities, they claim to be encouraging customers to go to
EAP-FAST instead.

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml
http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=5&rl=1

Seems the security implementation of EAP-FAST has its own share of
imperfections as well though. I wonder why a more standardized
wireless security protocol didn't appeal to Cisco instead?

DS
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave