Subject: security flaw in CHAP implementation
To: 'tech-security@NetBSD.ORG' <tech-security@NetBSD.ORG>
From: James Gray <Jgray@rsa.com>
List: tech-security
Date: 03/11/1998 16:54:03

Greetings!

There seems to be a flaw in the implementation of the
CHAP protocol used in NetBSD.  According to my
understanding, the flaw reduces the level of security 
provided by CHAP to about the level of PAP.  (BTW, I'm
looking in the file chap.c, written by Gregory M. Christy;
I wouldn't mind being corrected if that's not the source
code used in NetBSD.)  If there are any developer types
who are interested (and might be persuaded to fix the
problem), please send me email.  (By the way, I don't
read this list, so I won't see responses sent here.)

Regards!
Jim Gray.
(jgray@rsa.com)