Guy Tweney discloses one anonymous chip industry employee's suspicions about Cisco's motives in sharing its security standards, but it doesn't sound right to me. Read Guy's essay first. (To better understand the acronyms, read the Wi-Fi Net News article on wireless security.)
I'm a little dubious about his source's expertise because they get several facts wrong. Perhaps they don't understand the implications of WPA, EAP/802.1X, and secured EAP (PEAP, EAP-TTLS). (One example: Apple's AirPort Card offers LEAP for $80 to $100, but it's proprietary to a platform, which may be one reason Cisco allows the pricing to work that way.)
The bottom line is that LEAP is broken, just not as badly as WEP, and in more theoretical ways than the practical tools that extract WEP keys. Cisco has put its weight behind PEAP (Protected EAP, Encapsulated Authentication Protocol), which is also Microsoft's baby. Microsoft has shipped PEAP support in several recent platforms. PEAP is in front of the IETF.
EAP-TTLS is a competing standard with fewer major backers, also in front of the IETF. Neither PEAP nor EAP-TTLS requires preinstalled certificates on each client (as EAP-TLS does, which MSFT also supports); instead they can start arbitrary SSL/TLS-style connections to servers. There are some attacks possible -- disruptive, not hijacking -- against both tunneled EAP methods, but both are much stronger than LEAP and anything else in the field right now.
Clients and servers that support EAP-TLS, EAP-TTLS, and PEAP are all shipping and in increasingly wide use. Add WPA (Wi-Fi Protected Access) into the picture and you get robust security. WPA incorporates the new TKIP encryption methodology, and TKIP or WEP still forms the fundamental session protection even under secured EAP. With secured EAP plus WPA you can rotate unbreakable keys (because of the very large initialization vector) every 100 packets, every 5 minutes, or whatever interval you choose.
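As an added illustration, not part of the original post, here is how the two setups the post contrasts look in wpa_supplicant and hostapd syntax: the LEAP-over-dynamic-WEP profile it calls broken, and a tunneled-EAP-plus-WPA/TKIP profile with the five-minute group-key rotation it mentions. The SSIDs, identity, certificate path and RADIUS values are placeholders.

```ini
# --- Client side (wpa_supplicant.conf) ---

# Weak profile: LEAP with dynamic WEP keys. There is no TLS tunnel and
# no server certificate to validate, so the credential exchange has
# only the protection LEAP itself provides; session keys stay WEP.
network={
    ssid="example-legacy"              # placeholder SSID
    key_mgmt=IEEE8021X                 # 802.1X with dynamic WEP
    eap=LEAP
    identity="user@example.org"        # placeholder
    password="changeme"                # placeholder
}

# Stronger profile: PEAP (tunneled EAP) over WPA/TKIP. The inner
# credential exchange runs inside a TLS tunnel to the authentication
# server, and the client validates the server certificate before
# sending anything. Swap eap=PEAP for eap=TTLS to get the EAP-TTLS
# variant the post describes; the outer settings stay the same.
network={
    ssid="example-secure"              # placeholder SSID
    proto=WPA
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="user@example.org"        # placeholder
    password="changeme"                # placeholder
    ca_cert="/etc/ssl/certs/corp-ca.pem"   # placeholder path; needed for validation
    phase2="auth=MSCHAPV2"
}

# --- Access point side (hostapd.conf, fragment) ---
# WPA with TKIP, 802.1X against a RADIUS server, and the group key
# rotated every 300 seconds (the "5 minutes" in the post).
interface=wlan0
ssid=example-secure
ieee8021x=1
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_group_rekey=300
auth_server_addr=192.0.2.10            # placeholder RADIUS address
auth_server_port=1812
auth_server_shared_secret=placeholder-secret
```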
The fact is that once WPA appears and secured EAP settles down, LEAP doesn't confer any advantage on Cisco or any other vendor. Cisco's actions, in my mind, are a defense against the death of LEAP: getting its own non-vetted, proprietary, non-standards-based, non-open specs into silicon before it's just too late. [via TechDirt]