Subject: Re: security flaw in CHAP implementation
To: James Gray <Jgray@rsa.com>
From: David Carrel <carrel@NetBSD.ORG>
List: tech-security
Date: 03/11/1998 17:05:35

Can you elaborate further?  If such a flaw does exist, I would definitely
like to fix it.

Dave

> Greetings!
> 
> There seems to be a flaw in the implementation of the
> CHAP protocol used in NetBSD.  According to my
> understanding, the flaw reduces the level of security 
> provided by CHAP to about the level of PAP.  (BTW, I'm
> looking in the file chap.c, written by Gregory M. Christy;
> I wouldn't mind being corrected if that's not the source
> code used in NetBSD.)  If there are any developer types
> who are interested (and might be persuaded to fix the
> problem), please send me email.  (By the way, I don't
> read this list, so I won't see responses sent here.)
> 
> Regards!
> Jim Gray.
> (jgray@rsa.com)
>