05-23-2002 07:37 AM - edited 07-04-2021 11:11 PM
It appears that the LEAP user ID is transmitted in clear text over the airwaves (password is not) and anyone with a wireless sniffer can see it. Is this normal? Or is there a setting to change this?
06-03-2002 06:13 AM
This is normal. Most usernames are derivatives of their real name or email address or something similar so they can be easily guessed or learned form e-mails, etc. So usernames are not a secure item to start with so it doesnt matter that theyre in clear text.
06-03-2002 10:08 AM
Yea but why start out by giving 50% of the solution to an outsider seeking unauthorized access.
A valid username is one half of the data needed to obtain login privs. Why would you not just encrypt it? Its computationally cheap -- seems like a gimme to me.
-brkn!
06-03-2002 03:09 PM
You can't encrypt it because you don't have an encryption key yet! LEAPs whole purpose is to dynamically derive (at the client and the RADIUS server) a dynamic WEP key, until this is done, you can't encrypt anything.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: