That places too great a reliance upon the user to maintain a strong password. The strength of the protection should be separated, as far as is technically possible, from the strength of the password.
If more resilient mechanisms exist and are implemented just as trivially then it is foolish to use a weaker mechanism. Regards, Guy > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Amos Gregory > Sent: 31 August 2004 21:58 > To: [EMAIL PROTECTED] > Subject: RE: [OT] Should anyone even use LEAP > > > ASLEAP uses an offline dictionary attack to crack LEAP > passwords. Best practice to use when deploying LEAP is strong > user passwords. > > > Amos > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alan DeKok > Sent: Tuesday, August 31, 2004 2:01 PM > To: [EMAIL PROTECTED] > Subject: Re: [OT] Should anyone even use LEAP > > Adam Shelley <[EMAIL PROTECTED]> wrote: > > I was just wondering, would this type of setup still be > vulnerable to > this: > > > > http://asleap.sourceforge.net/ > > > > Should LEAP be used in any production environment to ensure security > on > > wireless links? > > It's no more vulnerable than MS-CHAP, except that MS-CHAP > isn't used in wireless sessions. > > EAP-TTLS or EAP-PEAP are preferred for wireless. > > Alan DEKok. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
