On Sun, 2007-07-15 at 10:52 -0400, Darren Albers wrote:
> On 7/15/07, Aaron Konstam <[EMAIL PROTECTED]> wrote:
> > On Sun, 2007-07-15 at 09:14 -0400, Dan Williams wrote:
> > > On Fri, 2007-07-13 at 19:19 -0400, Darren Albers wrote:
> > > > I think Cisco is just acknowledging the obvious and longstanding
> > > > weaknesses in LEAP and is doing the right thing and advising their
> > > > customers to move to PEAP which works the same from the user's
> > > > perspective.
> > >
> > > LEAP has been steadily going away for a long time, because there are
> > > well-known exploitable vulnerabilities (dictionary attacks on your
> > > password) that have been around for at least 3 or 4 years. LEAP hasn't
> > > been considered secure for a long time. Dynamic WEP with 802.1x is
> > > actually better, but only if you change your WEP key really often.
> > >
> > > LEAP also sucks because you can't know whether or not an AP supports it
> > > from the beacon, which is what WPA[2] fixes quite nicely.
> >
> > The above sort of misses several points. One does not have the power to
> > decide what authorization method an access point supplier uses. I use
> > LEAP because that is what the University I was contacting uses.
> >
> > Second, if NM advertises it supports LEAP it should support LEAP. Until
> > last week it did not, at least on Fedora 7.
>
> It did support it but a patch broke it. It wasn't caught since you
> can't test LEAP without Cisco APs or a LEAP network, which none of the
> devs have access to.
>
> > Third, I am now informed that NM supports PEAP and other EAPs. Does it?
> > Has anyone actually tried it? I hope so. In addition this ability is
> > pretty well hidden in the lists of options that nm-applet displays. I
> > would probably not have found it if Darren Albers had shown me how.
>
> I have used PEAP and EAP-TLS successfully before. It isn't really
> hidden, it is under connect to other network.... If NM detects a
> network using EAP then the PEAP or EAP-TLS options are shown. If your
> network is not broadcasting and you need to select the options
> manually you will need to select connect to other network, so I /think/
> all the places you would need to find it are covered.
>
> As Dan stated in an earlier post, LEAP was different because you can't
> tell if it is just a normal WEP network or a LEAP network.

I don't think LEAP networks set the "privacy" bit (i.e., the WEP bit) in
the beacon, which means you can't tell between LEAP or unencrypted
networks. That's the same with 802.1x+Dynamic WEP too.

Dan
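
Added example, not part of the thread and not NetworkManager code: a minimal parser showing what a client can read from a beacon. A pre-WPA beacon offers only the capability field's privacy bit and names no authentication method, while a WPA2 beacon carries an RSN element listing its AKM suites. The sample beacons are constructed, and the function names are assumptions made for this illustration.

```python
import struct

PRIVACY_BIT = 0x0010   # Capability Information bit 4 ("privacy")
RSN_IE = 48            # RSN information element ID (WPA2)
AKM_NAMES = {b"\x00\x0f\xac\x01": "802.1X/EAP", b"\x00\x0f\xac\x02": "PSK"}

def parse_rsn_akms(data):
    """Extract AKM suite names from an RSN element body."""
    # Layout: version (2), group cipher (4), pairwise count (2), pairwise list.
    if len(data) < 8:
        return []
    (pairwise_count,) = struct.unpack_from("<H", data, 6)
    off = 8 + 4 * pairwise_count
    if len(data) < off + 2:
        return []
    (akm_count,) = struct.unpack_from("<H", data, off)
    off += 2
    suites = [data[off + 4 * i:off + 4 * i + 4] for i in range(akm_count)]
    return [AKM_NAMES.get(s, s.hex()) for s in suites if len(s) == 4]

def parse_beacon_body(body):
    """Return (privacy_bit, akm_list) for a beacon frame body.

    akm_list is None when there is no RSN element, i.e. the beacon says
    nothing about which authentication method the network expects.
    """
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: timestamp (8), beacon interval (2), capability (2).
    (capability,) = struct.unpack_from("<H", body, 10)
    akms, pos = None, 12
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            break  # truncated element: stop instead of misparsing
        if eid == RSN_IE:
            akms = parse_rsn_akms(data)
        pos += 2 + length
    return bool(capability & PRIVACY_BIT), akms

def _beacon(capability, *elements):
    # Constructed sample: zero timestamp, interval 100 TU, then the elements.
    return struct.pack("<QHH", 0, 100, capability) + b"".join(elements)

SSID = b"\x00\x04test"  # constructed SSID element
RSN_8021X = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
LEGACY_PRIVACY = _beacon(0x0011, SSID)          # privacy bit set, no RSN element
LEGACY_OPEN = _beacon(0x0001, SSID)             # privacy bit clear, no RSN element
WPA2_EAP = _beacon(0x0011, SSID, RSN_8021X)     # RSN element names 802.1X
```

For the two legacy beacons the parser returns one boolean and no method list, so a client cannot pick the right dialog from the beacon alone; the WPA2 beacon returns the AKM list directly.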
