LEAP Security Vulnerabilities??

RC4 if used properly is light-weight. 802.11 is employing it in an
unnatural environment, and that causes trouble, including performance
issues.

More specifically -- RC4 is a stream cipher, which means that it must
be employed over a reliable underlying data stream. It's perfect above
TCP, for example. But 802.11 is a packet environment, with no
underlying stream. Accordingly, the base RC4 key -- 40 bits or 112
bits -- is combined with a 24-bit number (sometimes a counter,
sometimes random, but in either case sent in the clear in the packet)
to form an actual RC4 key that's used to encrypt just a single packet.
The problem is that key setup is roughly as expensive as encrypting 300
bytes or thereabouts. So all those 40-byte TCP ACK packets are a lot
more expensive for crypto processing than they should be.

    --Steve Bellovin, http://www.research.att.com/~smb (me)
    http://www.wilyhacker.com ("Firewalls" book)
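The per-packet keying described in the message above, as an added example that is not part of the original post. It assumes the 24-bit number is prepended to the base key (as WEP does) and counts work in RC4 state-swap iterations, which is only a rough proxy for CPU cost; the base key and payload sizes are constructed sample values.

```python
# Added example: WEP-style per-packet RC4 keying with a simple work count.
# Work is counted in state-swap iterations, a rough proxy for CPU cost (assumption).

def rc4_key_setup(key: bytes) -> list:
    """RC4 key schedule: always 256 swap iterations, whatever the key length."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_keystream_xor(state: list, data: bytes) -> bytes:
    """RC4 output stage: one swap iteration per byte of data."""
    s = state[:]                      # work on a copy of the keyed state
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encrypt_packet(base_key: bytes, iv: int, payload: bytes) -> bytes:
    """Fresh key setup for every packet; the 24-bit IV travels in the clear."""
    iv_bytes = iv.to_bytes(3, "big")
    state = rc4_key_setup(iv_bytes + base_key)   # per-packet RC4 key
    return iv_bytes + rc4_keystream_xor(state, payload)

def decrypt_packet(base_key: bytes, packet: bytes) -> bytes:
    """Receiver reads the cleartext IV and repeats the same key setup."""
    iv_bytes, body = packet[:3], packet[3:]
    return rc4_keystream_xor(rc4_key_setup(iv_bytes + base_key), body)

def setup_share(payload_len: int) -> float:
    """Fraction of swap iterations spent on key setup for one packet."""
    return 256 / (256 + payload_len)

if __name__ == "__main__":
    base_key = bytes.fromhex("0102030405")   # constructed 40-bit base key
    for size in (40, 300, 1500):             # TCP ACK, the post's ~300 bytes, full frame
        pkt = encrypt_packet(base_key, iv=size, payload=bytes(size))
        assert decrypt_packet(base_key, pkt) == bytes(size)
        print(f"{size:5d}-byte payload: {setup_share(size):.0%} of work is key setup")
```

Over a reliable stream the 256-iteration setup is paid once per connection; here it is paid again for every packet, so it dominates for short packets such as 40-byte ACKs.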