Subject: Re: Does the FreeBSD S/Key vulnerability apply to NetBSD?
To: None <jfw@jfwhome.funhouse.com>
From: Charles M. Hannum <mycroft@ai.mit.edu>
List: current-users
Date: 06/15/1995 14:50:46
As you probably know already, both CERT and Wietse are not exactly
willing to give out information about security holes.  Without taking
the time to study how Wietse's code has changed over time, I can't say
definitively what the problem or the fix was.

However, the S/Key implementation in NetBSD is derived from the
Bellcore distribution, which is claimed to not have this hole.  To the
best of my knowledge at this time, we are not vulnerable to this
attack.