
<pre>DISCLAIMER
==========

Q: What is website and what is it used for ?
A: This website is private; if you didn't know about it prior entering
it, please leave immediately.

Q: Seems this is to create Battle.net-compatible authenticator tokens.
Is it true ?
A: Yes. The php code here emulates somehow the Battle.net mobile
authenticator.

Q: Can I test it without creating an account ?
A: You can use demo / demo as a login / password.

Q: Why did you write this ?
A: I am not good with physical authenticators. I tend to lose items a lot.
Thus the reason for this php script.

Q: Is it safe to use ? Can I use it ?
A: No, it's not safe to use, and you can't use it. The whole idea of the
authenticator uses a piece of "secret" that is going to be stored on your
physical device. Sharing this secret with someone you don't trust - ie, me -
isn't secure. Beside, this website is probably not fool-proof against
keyloggings, or worse, hacking. Okay, it's probably safer than NOT using
an authenticator of any kind, but overall that's way less safe than using
the mobile or physical authenticator.

Q: Why do you use it then ? Why are your friends using it ?
A: Because I trust myself, and my friends trust me. This is a network of
trust, and if you're here without knowing me, then you shouldn't trust me.

Q: If I'm still using it, will you provide any guarantee of service ?
A: Are you kidding ? First, don't use this service, and second, I can't
(and even if I could, I won't) provide any guarantee of any kind.

Q: Can you still provide any good hint about how to best use this website ?
A: Don't use it, that's my best advice. If you really insist to use it, then
do NOT use that on your webbrowser on your main machine. Use a different
machine. Note that the website should display nicely on a phone's screen,
especially Android's.

Q: I see that in order to create an account, I need a site password. What is it?
A: I should already have provided it to you. If I hadn't, please contact me, and
I'll send it to you.

Q: I've lost my password information. Could you help me recover my password ?
A: Sure, just send me an e-mail with the md5sum of the new password you want,
as well as your actual login, and I'll reset it.

Q: I'd like to backup the secret of my token, can you provide it to me ?
A: Sure, just send me an e-mail with the current serial of your token, and I'll
send the secret back to you for backup purposes.

Q: I see you're providing the sourcecode of that script. Can I use it ?
A: Yes. You're allowed to use that php script, but for private use only.
Do NOT re-publish it or deploy it on a public website. This is strictly
forbidden for very obvious security reasons. Please contact me if you need
further explanations.

Q: Isn't disclosing the sourcecode causing a weakness in the official Battle.net
authenticator system ?
A: Not at all. The official Battle.net authenticator is a strong and secure
cryptographic system. Knowing the way it works doesn't cause any weakness of
any kind. You can even read it for yourself and understand that this part is
perfectly safe. What is NOT safe is to use that on a website instead of a
closed device, where several people can read the passwords, or worse, get the
secret portions of the tokens.

Q: How do I contact you ?
A: Since you have to know me in order to use that service, you should
already have the answer to that question. Otherwise, get lost.

Q: Should I use the Nihilum Desktop Authenticator instead ?
A: NO!!! That's even worse! That piece of software, even though I never saw it,
is just going to be the next target of all the keyloggers and trojans! Hackers
would be able to steal your account information and the secret part of your
token, all in one!
</pre>