A Practicle Introduction to S/KEY
			Dan Farmer/Mycroft

Ok, here is your new password card to kizmiaz.dis.org, which is the
newer, faster, better, and hopefully more secure "dis.org".  Do not
give your card to anyone else - as the dis.org policy goes, you may not
share or give away your account (if someone needs one, just talk to me!)

Here is how the new system and your card (which should be that credit
card sized thingee with all the words and numbers on it), which is
called "S/Key", works:

The card contains somewhere around one hundred passwords.  Each time you
log in, via telnet, ftp, whatever, and it prompts you for your login and
password, you'll be using this card.  Each side has 50 passwords; each
password is preceeded by a number (check out the card).  You'll notice
now that when you try to log in, you'll see something like this now:

	login: shipley
	s/key 94 ki84233
	(s/key required)
	Password:

To use the card, you simply type in *ALL* the words to the right of the
number it prompts you with (in this case, the number is "94", to the
right of the "s/key" prompt), and hit return.  A typical password would
look something like:

	face rill wail what neon mug

(Case is *not* important.)  After typing all this, you should be logged
in.  The next time you try to log in, you'll be prompted with a number
one less than the previous one (so in my example, I'd see a "93"); at
the end of logging in a hundred times, you'll need a new card.

That's it.  This is far more secure than old passwords; if you lose the
card, just tell me, and I'll cancel the old one and get you a new one -
think of it as your dis.org credit card ;-).

If you have any questions, whatever, e-mail or call me (510-849-2230),
24 hours a day if it's an emergency.

Pete Shipley

p.s. if it helps (and this is what I do), you can hit the
    "return"/"enter" key when prompted for a password.  The system will
    prompt you again for a password, but this time it will echo to the
    screen what you're typing, so you don't have to wonder if you made
    a typing mistake.  Don't worry about anyone seeing your password as
    you're typing it in - remember, each password may only be used one
    time, so once you log in, it's useless.

    Please try
    to keep track of which challenge you are on. I personally make a
    mark through each one as I use it. If you are prompted with a
    challenge lower then the last one you entered, do not login, and
    contact me immediately.

    Also, if you want more secure login and communication while you
    should look into using ssh instead is telnet see
    http://www.cs.hut.fi/ssh/ for info and free software (ssh uses your
    old password and not S/Key thus extending the life of your s/key
    list).