05-23-2002 07:37 AM - edited 07-04-2021 11:11 PM
It appears that the LEAP user ID is transmitted in clear text over the airwaves (password is not) and anyone with a wireless sniffer can see it. Is this normal? Or is there a setting to change this?
06-03-2002 06:13 AM
This is normal. Most usernames are derivatives of their real name or email address or something similar so they can be easily guessed or learned form e-mails, etc. So usernames are not a secure item to start with so it doesnt matter that theyre in clear text.
06-03-2002 10:08 AM
Yea but why start out by giving 50% of the solution to an outsider seeking unauthorized access.
A valid username is one half of the data needed to obtain login privs. Why would you not just encrypt it? Its computationally cheap -- seems like a gimme to me.
-brkn!
06-03-2002 03:09 PM
You can't encrypt it because you don't have an encryption key yet! LEAPs whole purpose is to dynamically derive (at the client and the RADIUS server) a dynamic WEP key, until this is done, you can't encrypt anything.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide