[Dailydave] SILICA, hashes, etc
Darren Spruell
phatbuckett at gmail.com
Thu Feb 8 09:32:22 EST 2007
On 2/8/07, Thierry Zoller <Thierry at zoller.lu> wrote:
> Dear Dave,
>
> DA> One of our early adopters has a CISCO Leap network and I
> DA> remember reading of a simple algorithmic crack for the
> DA> authentication....has anyone tested it?
>
> Asleap - Joshua Wright
> The funny thing is, although Cisco knows it's broken they continue to
> use it in new products.
Another funny thing is, if you confront any Cisco engineer about
LEAP's insecurities, they claim to be encouraging customers to go to
EAP-FAST instead.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml
http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=5&rl=1
Seems the security implementation of EAP-FAST has its own share of
imperfections as well though. I wonder why a more standardized
wireless security protocol didn't appeal to Cisco instead?
DS
More information about the Dailydave
mailing list