Regarding LEAP with TKIP

Jouni Malinen jkmaline at cc.hut.fi
Wed Mar 15 21:42:11 EST 2006


On Wed, Mar 15, 2006 at 03:29:20PM -0800, Tony Beville wrote:

> We have a customer requirement for our wireless device to support Cisco 
> LEAP with TKIP encryption.  Does this even make sense?

In the sense of LEAP not being were secure, it does not make much sense
;-). Anyway, this would be WPA-Enterprise using LEAP as the EAP method..

> We currently have  wpa_supplicant (with our Hermes-II radio) working 
> with what I guess I would called "regular LEAP," using rotating WEP keys.

.. whereas this is IEEE 802.1X (non-WPA) with LEAP as the EAP method.

> Can anyone confirm if LEAP with TKIP is a meaningful thing to do, and if 
> so, what would our wpa_supplicant configuration file look like to 
> support it?

I would not recommend this mode, but yes, it should work. Configuration
for this would be something like this:

network={
    ssid="foo"
    key_mgmt=WPA-EAP
    proto=WPA
    pairwise=TKIP
    group=TKIP
}

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list