Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
4
Helpful
1
Replies

LEAP and Session Key

reinke
Level 1
Level 1

‎03-07-2004 03:07 AM - edited ‎07-04-2021 09:25 AM

With LEAP, a session key is used. Cisco docs point out, that after the authentication phase, the session key is distributed from the RADIUS Server to the AP and Client.

Does this mean, that the session key is transmitted in cleartext?

I would be very happy to have an answer or doc, which offers an answer to my question.

Thanks in advance

Edgar

Labels:
0 Helpful
1 Reply 1

s.vautour
Level 1
Level 1

‎03-08-2004 12:34 PM

LEAP is based on symetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network instead a hash key is sent. MSCHAP hashes are known to be volnurable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successfull both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is setup, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated.

Serge

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card