5/2     Okay, I think I get it now.  If I want password-less login to
        soda, then I need to do the whole generating the public and private
        keys which requires a pass phrase, if I can put up with entering
        my unix password every time in SSH or PUTTY, then I don't need
        to do the whole ssh-keygen stuff.  Is it correct?
        \_ Yes.  But if you go password-less, then if soda is compromised
	...

5/1     Where can I find step by step instructions to change my ssh pass?
        How do I change my login password?  Sorry I haven't been on unix
        for too long.
        \_ What do you mean?  You mean your login password?  Run passwd.
           You mean the password used to decrypt your private key?  If you
           stored a private key on soda, shouldn't you assume that's been
	...

4/18    Some thoughts about securing a machine.  Feel free to add your
        expert opinions. --ricky
        * Securing a machine that allows interactive logins by users
          is _very_ hard.
        * Reduce suid binary to absolute bare minimum.
        * Perform automatic _remote_ checksums from a machine that is
	...

2/13    Do I really have to point my cisco pix at some cert. authority
        if I want to use keys (instead of "pre-shared secrets") ?
        I can't just self sign?? wtf?
        \_ Actually, why not just create a CA signing cert with OpenSSL
           (it's not that hard), sign a cert with that, and then import the
           CA public key into pix?  Or use a static passphrase for phase I
	...

12/14   Has anyone successfully gotten ssh/scp public key
        authentication to work on Mac OS X?  I'm going from a 10.3.6 client
        machine to a 10.3.6 Server machine, but it doesn't seem to be
        looking at the key.  Is there some strange config setting I'm
        missing or am I just a tard?   -sax
        \_ - On client machine type: ssh-keygen -t dsa
	...

2/29    Anyone here have access to an openbsd machine? I'd like to know if
        their implementation of s/key is broken for SHA-1 and RIPEMD-160
        (at least, it's broken in Yuri Yudin's port of openbsd s/key).
        From RFC 2289, running 'skey -sha1 99 correct' and using
        "OTP's are good" as the passphrase should give
        "AURA ALOE HURL WING BERG WAIT". If someone can try that, I'd
	...

1/20    Hungry Programmers raided by FBI:
        http://csua.org/u/5mp
        \_ wow, bummer. A related question is, suppose you use RSA or some
           hard to crack stuff and encrypt your criminal activities. Would
           they have the resource to crack it?
           \_ you'd go to jail for contempt a la kevein mitnick until you
	...

8/10    I'm looking for an encryption software package for windows 2000 that
        works on a per-directory or drive basis and is transparent.  Meaning
        once I authenticate myself I can create files or copy stuff into the
        folder and it'll be encrypted automatically.  Word, Excel, TurboTax,
        etc should all work with this encrypted folder.  For individual files
        I can use pgp.  But when working with a lot of files, I prefer not to
	...

4/20    John, a question about swiss bank accounts (since you're there).  I've
        heard some news that they're going to stop issuing those secret
        accounts where you don't need any ID to open one.  Is that true?
        And do you know of any banks there that use biometric data to access
        the account?  Like retinal scan or some finger printing device.
        Thanks.
	...

2/28    How come csua doesn't support imap, even when it's from csua itself?
        \_ imap is disabled, but imaps (imap + ssl) is enabled in
           /etc/inetd.conf.
           \_ the certificate is self-signed though.  wouldn't imap-over-ssh
              be more secure?
                \_ feel free to donate enough money for a verisign
	...

9/11    Is it commonly accepted to use rsync between two machines using a
        null passphrase? I haven't found any good workaround. The next best
        thing would be to type the key once per reboot, but that is
        inconvenient and the key stays in memory. So... after a few days of
        googling, root+null passphrase is the best I could come up with.
        \_ If it's a low security site, you can do the null passprase to a
	...

10/7    I'm starting to dig rsync and ssh.  There's some
        caveats that aren't clear to me yet such as how to
        create a passphraseless key but still be able to limit permissions
        on the key.  Anyone know how to do that?
        \_ keychain might be the best you can get-- it keeps your ssh-agent
           running as long as the machine is not rebooted.  That way, you
	...