authenticated e-mail with it does not mean that you can go ahead and
make changes to your root or extra instance too. While you're there,
be sure to ask for a pts id, if you want to use your tickets with AFS.
+
+## Upgrading cryptographic strength
+
+You should change your root instance’s password with a command like this, to upgrade your key from critically weak DES encryption algorithm to strong AES encryption:
+
+ kadmin -p andersk/root -q 'cpw -e aes256-cts:normal andersk/root'
+
+(Note: This might make your password incompatible with a [handful of services](http://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place.) You can confirm the change with
+
+ kadmin -p andersk/root -q 'getprinc andersk/root'
+
+which should list a line like
+
+ Key: vno 4, aes256-cts-hmac-sha1-96, no salt