Well after over a decade of learning and teaching on cypherpunks and Perry's cryptography list, and before that comp.risks, reading Cryptogram, scanning bugtraq until I got bored of yet another buffer overflow or MS legacy hack, accumulating a row of crypto books, and zero professional certs or classes, but interacting with a hardcore privacy friend, I'm now employed as a security consultant at a Big Company, at least for a month or two. No govt clearances required, of course. And let me tell you, things are really hilarious out there. Eg the same fixed key in every machine everywhere, and in every driver. And my future boss proposing a million fixed keys to make it harder, where you send the index. A million times more hilarious. One day interviewing, wearing a visitor badge, I hear two building-security people yell a building-access password to each other. Furthermore its a lame password. My future boss was amused at that bit of accidental social engineering and he pointed out that the security company manages several other companies, so the regexp (based on the company name) used for this building was probably extrapolatable to other companies. Humans are such silly critters. Anyway, to everyone who's contributed to my informal education, thanks. I'm not going away, but neither will I have "Il dulce far niente" (The sweetness of doing nothing -S Schear's elegant unemployment motto) Major Variola (ret)