topic Re: LEAP and Session Key in Wireless https://community.cisco.com/t5/wireless/leap-and-session-key/m-p/244040#M222434 <HTML><HEAD></HEAD><BODY><P>LEAP is based on symetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network instead a hash key is sent. MSCHAP hashes are known to be volnurable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successfull both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is setup, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated. </P><P></P><P>Serge</P></BODY></HTML> Mon, 08 Mar 2004 20:34:03 GMT s.vautour 2004-03-08T20:34:03Z LEAP and Session Key https://community.cisco.com/t5/wireless/leap-and-session-key/m-p/244039#M222433 <P>With LEAP, a session key is used. Cisco docs point out, that after the authentication phase, the session key is distributed from the RADIUS Server to the AP and Client.</P><P></P><P>Does this mean, that the session key is transmitted in cleartext?</P><P></P><P>I would be very happy to have an answer or doc, which offers an answer to my question.</P><P></P><P>Thanks in advance</P><P>Edgar</P> Sun, 04 Jul 2021 16:25:47 GMT https://community.cisco.com/t5/wireless/leap-and-session-key/m-p/244039#M222433 reinke 2021-07-04T16:25:47Z Re: LEAP and Session Key https://community.cisco.com/t5/wireless/leap-and-session-key/m-p/244040#M222434 <HTML><HEAD></HEAD><BODY><P>LEAP is based on symetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network instead a hash key is sent. MSCHAP hashes are known to be volnurable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successfull both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is setup, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated. </P><P></P><P>Serge</P></BODY></HTML> Mon, 08 Mar 2004 20:34:03 GMT https://community.cisco.com/t5/wireless/leap-and-session-key/m-p/244040#M222434 s.vautour 2004-03-08T20:34:03Z