Meeting minutes for 2014-07-30
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
========================================================================================================
#fedora-meeting-1: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
========================================================================================================
Meeting started by Sparks_too at 19:00:09 UTC. The full logs are
available at
http://meetbot.fedoraproject.org/fedora-meeting-1/2014-07-30/fedora_secur...
.
Meeting summary
- ---------------
* Roll Call (Sparks_too, 19:00:18)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (Sparks_too, 19:05:59)
* Follow up on last week's action items (10 minutes) (Sparks_too,
19:06:05)
* jrusnack documented the use of fst_owner at
https://fedoraproject.org/wiki/Security_Team#Taking_ownership_of_tracking...
(Sparks_too, 19:06:52)
* sent patches that fix CVE-2014-4440 and CVE-2014-4442, analysis
about CVE-2014-4441, so far no response (jrusnack, 19:09:03)
* Roster (Sparks_too, 19:10:14)
* LINK: https://fedoraproject.org/wiki/Security_Team_Roster
(Sparks_too, 19:10:29)
* that roster needs more info. like, name, bugzilla account, irc nick
at least (jrusnack, 19:11:04)
* ACTION: Sparks to send a message to the list asking people to add
themselves to the roster (Sparks_too, 19:16:56)
* Rewards (Sparks_too, 19:20:55)
* IDEA: Create a badge for fixing 50, 100, 200, 500, and 1000 security
bugs (Sparks_too, 19:22:26)
* ACTION: ignatenkobrain to write a script to somehow get stats from
BZ and use them for the badge system (Sparks_too, 19:26:58)
* AGREED: Badges for fixing 50, 100, 200, 500, and 1000 security bugs.
(Sparks_too, 19:29:16)
* IDEA: Make t-shirts for FST members who close x number of cases
(Sparks_too, 19:29:38)
* IDEA: Hall of fame webpage (Sparks_too, 19:32:13)
* LINK: https://github.com/ignatenkobrain/fedora-security-team
(ignatenkobrain, 19:35:00)
* AGREED: T-shirts for those closing 50 vulnerabilities (pending
funding) (Sparks_too, 19:35:41)
* ACTION: ignatenkobrain to write a script to somehow get stats from
BZ and use them for "hall of fame" FST wiki page (ignatenkobrain,
19:37:00)
* ACTION: ignatenkobrain to request git repo for FST scripts
(ignatenkobrain, 19:38:15)
* AGREED: Hall of Fame showing FST members and their current
vulnerabilities closed count (Sparks_too, 19:38:37)
* Outstanding BZ Tickets (Sparks_too, 19:40:05)
* Monday's numbers: Critical 3, Important 69, Moderate 366, Low 128,
Total 566, Trend -11 (Sparks_too, 19:40:14)
* LINK:
https://bugzilla.redhat.com/query.cgi?bug_status=POST&chfield=bug_status&...
(ignatenkobrain, 19:43:07)
* Open floor discussion (Sparks_too, 19:56:34)
Meeting ended at 20:01:08 UTC.
Action Items
- ------------
* Sparks to send a message to the list asking people to add themselves
to the roster
* ignatenkobrain to write a script to somehow get stats from BZ and use
them for the badge system
* ignatenkobrain to write a script to somehow get stats from BZ and use
them for "hall of fame" FST wiki page
* ignatenkobrain to request git repo for FST scripts
Action Items, by person
- -----------------------
* ignatenkobrain
* ignatenkobrain to write a script to somehow get stats from BZ and
use them for the badge system
* ignatenkobrain to write a script to somehow get stats from BZ and
use them for "hall of fame" FST wiki page
* ignatenkobrain to request git repo for FST scripts
* **UNASSIGNED**
* Sparks to send a message to the list asking people to add themselves
to the roster
People Present (lines said)
- ---------------------------
* Sparks_too (99)
* ignatenkobrain (77)
* jrusnack (29)
* revskills (10)
* bojov (10)
* zodbot (9)
* BVincent (9)
* jsmith (7)
* thoger (3)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT2U9uAAoJEB/kgVGp2CYvmpAL/001z0BxBKhfB2JU9DUVqkb7
M5gbHtuYVecNxjhBwOG8jumlW+CbOfm1dLbWYbxOBwduoK3PPekVcHi55TX/dHrY
GgdathNWxZlGi8BS0Bm8FsHi61aLB4SRrcdZoL87SacH81KjxUdUdf2PVyiIWHq+
6+8Kd1kFmTlU5AVvlnG0q4O7ji7sqyJ8gmhLJuotess2TucSL0m1SWhUMosJyKzh
CoXqBY6j11JvbRExq7h2M/LyIgJuYyFxf/fII/q+BtuS1ieUIHeo8EdnHuiCygyj
G8awOvYOeOLVUS1kXKFcgqnxpsbq0KiTH4Owcqo28uV4OaW2DwNldpZ6EDHGR0Up
KnRT2qTwbpoSQhjvIWgwlO1qv7WHFAarSNy4TLbivQBYOyRYfGcLcr9TmY3jV58r
t+rU2buDaxuElhWlYlfy+qK4ARXgQkUF7XazN7Ba2ZOlHn2cokjcqCS83sxmfl1x
EDreihCQT2ti3APvgTmeWDbIdKMKDSR6nLfBgqfQ6Q==
=lVmF
-----END PGP SIGNATURE-----
9 years, 7 months
Analysis of CVE-2013-4441: pwgen Phonemes mode has heavy bias and is enabled by default
by Jan Rusnacko
Hello,
this is what I found when analysing phonemes bias in pwgen - I haven`t forwarded this to upstream yet. Comments appreciated.
Analysis of CVE-2013-4441
-------------------------
pwgen [1] has been reported to generate biases pronounceable passwords - issue which was assigned CVE-2013-4441.
See original report: http://www.openwall.com/lists/oss-security/2012/01/22/6
The bias that was reported does not concern probability distribution of characters in pronounceable passwords (for example https://www.miknet.net/security/how-random-password-generators-can-fail/ analysis is completely irrelevant), since they naturally must have some bias towards vowels to be pronounceable. The bias is rather in the overall distribution of passwords: given set of N pronounceable passwords generated by pwgen, certain passwords have substantially more occurrences (original report mentions they are as much as 137 times more likely to be generated than they should be).
l
To illustrate the bias, I disabled the length check and recompiled it to generate 2 character pronounceable passwords. I generated 10 million of them and counted their occurrences, along with increase/decrease with respect to expected count (see attached). From the stats it is clear that bigrams starting with a vowel followed by a consonant are 73% less likely to be generated then expected. On the other hand, diphthongs starting with a vowel are whopping 850% more likely to be generated.
The code makes use of structure elements, which contains characters or diphthongs along with flags:
struct pw_element elements[] = {
{ "a", VOWEL },
{ "ae", VOWEL | DIPTHONG },
{ "ah", VOWEL | DIPTHONG },
{ "ai", VOWEL | DIPTHONG },
{ "b", CONSONANT },
...
Looking at the code (pwgen-2.06/pw_phonemes.c), there are several places which contribute to the bias:
if (should_be == CONSONANT) {
should_be = VOWEL;
} else { /* should_be == VOWEL */
if ((prev & VOWEL) ||
(flags & DIPTHONG) ||
(pw_number(10) > 3))
should_be = CONSONANT;
else
should_be = VOWEL;
}
Variable should_be indicates whether the character which is being added is a VOWEL or CONSONANT. In case it is VOWEL, then there is a possibility variable should_be will be again assigned a VOWEL. This means pairs like oo, ae, ai, ie can possibly be generated if program flow goes through this branch. Bad news is, that pairs like oo, ae, ai, ie etc. are also diphthongs, which means there are two ways of generating them and higher likelihood they will end up in password.
72: should_be = pw_number(2) ? VOWEL : CONSONANT;
This is where should_be is initialized before the first character of password is generated. Since there are less vowels than consonants, yet the initialization split the change 50:50, for odd-length passwords there is a heavy bias towards generating a vowel-starting password.
Another bias comes from the fact that diphthongs are essentially treated as single characters, and since they are of length 2, they are more likely to stay in the password before it is cut-off at max size. This bias not accounted for in any way. Also this bias towards diphthongs and above mentioned condition creates another bias: digrams starting with vowel are less likely (-73 %) than digrams starting with consonant (-8 %).
To even out the bias, I removed diphthongs ah, oh and qu, removed complicated condition and added dice throw to even out diphthong bias (patch and stats attached). Bias with patch is much lower (85 % for vowel diphthongs to -48 % for consonant diphthongs) and perhaps fixes the CVE. But here comes the catch - the patch actually decreases security of pwgen. By removing three diphthongs and removing the weird conditional allowing two vowels in a row, it effectively decreases the number of password that can possibly be generated. Just for digraphs it decreases the password space from 229 to 209. For longer passwords this grows fast and surpasses the bias in generated passwords by magnitude.
For fun I also generated 10 milion of pronounceable digraphs (yeah!) with apg [2] - stats attached. Manpage claims it is based on NIST`s FIPS-181 standard, and it's bias seems much smoother, but not too small either. In fact it might be interesting to conduct thorough research whether pwgen's passwords are more biased than apg's.
For completeness, there are methods for generating pronounceable password with provably no bias (I think [3] is an example, but unfortunately seems patented).
TL;DR
The algorithm in pwgen will inherently produce biased passwords. The fix to mitigate bias will inevitably decrease password space by magnitudes, which lowers the security much more than improves by removing the bias. Also apg password generator based on FIPS-181 has comparably big bias, so it is debatable whether CVE-2013-4441 should be valid at all.
[1] http://sourceforge.net/projects/pwgen/
[2] http://www.adel.nursat.kz/apg/
[3] http://www.google.com/patents/US5588056
--
Jan Rusnacko, Red Hat Product Security
--
Jan Rusnacko, Fedora Security Team
9 years, 7 months
Security Team Meeting minutes 2014-07-23
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Meeting summary
- ---------------
* Roll Call (Sparks, 19:00:13)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (Sparks, 19:06:19)
* Welcome (Sparks, 19:06:30)
* 577 open security bugs in Fedora (Sparks, 19:09:22)
* ACTION: jrusnack to document the use of fst_owner: in the whitepages
of the bugs (Sparks, 19:32:02)
* ACTION: Sparks to create a team roster with links to people's User:
wiki pages. (Sparks, 19:38:17)
* pwgen CVEs (Sparks, 19:43:55)
* LINK: https://bugzilla.redhat.com/1020222 (Sparks, 19:44:08)
* LINK: https://bugzilla.redhat.com/1020249 (Sparks, 19:44:15)
* LINK: https://bugzilla.redhat.com/1020259 (Sparks, 19:44:20)
* LINK: https://bugzilla.redhat.com/1020259 (Sparks, 19:44:24)
* ACTION: jrusnack to follow up with upstream (Sparks, 19:58:02)
* ACTION: Sparks to follow up with Product Security regarding the
validity of the CVEs. (Sparks, 19:58:17)
* Open Floor (Sparks, 19:58:26)
Meeting ended at 20:00:05 UTC.
Action Items
- ------------
* jrusnack to document the use of fst_owner: in the whitepages of the
bugs
* Sparks to create a team roster with links to people's User: wiki
pages.
* jrusnack to follow up with upstream
* Sparks to follow up with Product Security regarding the validity of
the CVEs.
Action Items, by person
- -----------------------
* jrusnack
* jrusnack to document the use of fst_owner: in the whitepages of the
bugs
* jrusnack to follow up with upstream
* Sparks
* Sparks to create a team roster with links to people's User: wiki
pages.
* Sparks to follow up with Product Security regarding the validity of
the CVEs.
* **UNASSIGNED**
* (none)
People Present (lines said)
- ---------------------------
* Sparks (85)
* ignatenkobrain (41)
* jrusnack (36)
* thoger_ (8)
* revskills (7)
* zodbot (6)
* joat (5)
* bojov (4)
Complete logs are available at: http://meetbot.fedoraproject.org/fedora-meeting-1/2014-07-23/fedora_secur...
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT0BcpAAoJEB/kgVGp2CYvp1kL/0AcG9XurExKuDpelJi8dO1c
G4z397MAkvIcFeaAzy1gmGEzwNUlOpuN1bvgMBKva/nIB0w6amyJiNAR6UNt9D8l
mAgpZDLYbfD0p9OSDMcpUyYWupdrOJB+qR8Y5zXAJ7F5OkHVVjm6HW3gUtUfMJgK
ZyU+fdpexGle7VL5I4EY3FMWXxcfHQFiG08OFMiAIUIpn+yPR/Ml1X+QdNRBeOGT
xg3rhowsNJETFzb0lYQWbFwwfelYVfnV/ry1/AGwn0V7W60VHoPV/ZQVic3uV+PW
3dgLbHYtr17ehVxNF2hpZqDZpYk+mGlPFcg9IVfh4L4+Sh64O/VW4hPaeu6cBtK0
MHqbxZsOSdKutyAomRinIfCENH5/DdggeKXMJompFbqBePOBKwVknZjpfp2Zce2P
M1VRWkVrEX/IfZcGmLRcN6y8bvID87r+tNH9M3iXxHYPyqfsbxKsCsXXgACTf4xw
XWum3Mii2eWXs4WnYGSc5VKkEA60LHWYnWL24SEYww==
=/JW1
-----END PGP SIGNATURE-----
9 years, 8 months
Meeting Today
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
First meeting of the security team will be today at 19:00UTC (15:00 EDT) in #fedora-meeting-1 in Freenode IRC.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTz/mVAAoJEB/kgVGp2CYvXwkL/2eDpEK1PL8rstljTIdzWKjw
Tz/j2KeASd2njDrVOq++nOAr6HkTMbmgsYldryVRg6zSQe2Na++zsV+KcWeCScql
CZKpi6/V6Fyd9Z2f+Cg3rPaMfviAtLzskF8+OQ8bIIjBitUYgmIbxE6iGYRPjHgg
EQHdUx9SXj2q9CFXwRrPHZWcWSVL2QzwjG1fAbxyujbZHfJTvlXus/LHb0gCMwRc
qm4z7KglcRFnkHyYCVPQny75skyVGumeJcKl73C8Xvh2Uvzn2l65d+64ujdNfYTU
8+XEbGR9eYYJ2TeCd1E41c79XgyG2jM+W/vj4LRp3E0o0szP9YVFJ4N5xvTK2Wah
ir1Xu15JJ4nafpOp/XpwGCKZjyMC7FQRvKZ0jlJDo59vMqiO3TrY13WqpjQGohpq
v+3qjpsppwLbgCB130UauegM7MJlJSgFi8RE5OPstEPxU8WLTSY+D6H8MtduTNTE
PP50cEfhreL40Xn1OlZ5M7CpDxjiRJpQimrGq9ZgrA==
=FTgy
-----END PGP SIGNATURE-----
9 years, 8 months
Re: Meeting time
by joat
Work frowns on using their network for this stuff so stuck using extremely
low bandwidth connection over weak cell signal.
On Jul 21, 2014 11:31 AM, "Eric Christensen" <echriste(a)redhat.com> wrote:
> You know, there is a web-based client available.
>
>
> -------- Original message --------
> From: joat <joat(a)757.org>
> Date: 07/18/2014 4:35 PM (GMT-05:00)
> To: Fedora Security Team <security-team(a)lists.fedoraproject.org>
> Subject: Re: Meeting time
>
>
> Rgr. This gives me a few days to set up/test the IRC-over-crappy-cell
> connection.
>
> - Tim
>
> On Fri, Jul 18, 2014 at 10:37 AM, Eric H. Christensen <
> sparks(a)fedoraproject.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On Thu, Jul 17, 2014 at 06:30:02PM -0400, Eric H. Christensen wrote:
>> > I just looked at the survey for determining when a good time is to meet
>> and there isn't a good time to meet. It appears the best times are[0]:
>> >
>> > Fridays at 1:00PM and 2:00PM (US Eastern Time)
>> > Wednesdays at 3:00PM (US Eastern Time)
>> >
>> > Can everyone re-evaluate[1] your availability time, specifically for
>> those times, and see if we can come up with availability for any of those
>> times.
>>
>> Okay, looks like many others weighed in and, adjusting for duplication of
>> some surveys users, it looks like Wednesday at 3:00PM (US Eastern) (19:00
>> UTC) will work for everyone. Lets meet in #fedora-meeting-1 at that time.
>>
>> - --Eric
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQGcBAEBCgAGBQJTyTEoAAoJEB/kgVGp2CYvgH8L/jkOihnLGHchC6Lp9fPkhuN6
>> 8rgN4FaaponCxthzDIwyJmDTAuJoI3shkHM2NhCKhaChWspQnLfTj2bfqA1v2XiI
>> +beq+pwbQnQGOXa/FDgMHe4SVApeMt8eK9qDYZcorYC/Elnrf1jDzuaYdCxpuqKr
>> c8LCRJk8iqnav1vwPoPAZ3fmJHeLrrdFyFR2ycK4XcoyQikBfRIkBi0NHtA+jF0f
>> aKpN9Y6MyDmQx8lM8cNETLInD7XM9wFvhiSxZiuGHFcxvu8OTOBkyM3SlD4kbyuL
>> f684iqGx7XdnFxfKklpDFIim3n57Yt9Hk9WOWDUdDgBgiNyC9s/gC2tHqrOsoGlz
>> u0eu5aeWNWdjhr+MZvTwLkY27tXBuKFX6CLlGnYHAoIPktbmhrfqTJDQkH54DJd1
>> +Tgm4ZGmlCHJfdQMnL6X8ZcytabHPXXsZgyCKEQFRPBZrYEFVeGlo5UW6bMrVqRM
>> 8SizJ/AekmMQcwxFLVDfbxTZemgtegfuKF3aCZchvw==
>> =V1jD
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> security-team mailing list
>> security-team(a)lists.fedoraproject.org
>> https://lists.fedoraproject.org/mailman/listinfo/security-team
>>
>
>
> _______________________________________________
> security-team mailing list
> security-team(a)lists.fedoraproject.org
> https://lists.fedoraproject.org/mailman/listinfo/security-team
>
>
9 years, 8 months
Meeting time
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I just looked at the survey for determining when a good time is to meet and there isn't a good time to meet. It appears the best times are[0]:
Fridays at 1:00PM and 2:00PM (US Eastern Time)
Wednesdays at 3:00PM (US Eastern Time)
Can everyone re-evaluate[1] your availability time, specifically for those times, and see if we can come up with availability for any of those times.
Thanks!
[0] http://whenisgood.net/yk7nyfb/results/cnz58ai
[1] http://whenisgood.net/yk7nyfb
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTyE5nAAoJEB/kgVGp2CYvqRIL+wRis6dclevqS7dub2vheuSp
3YNtm/Ld+30DBsMOUKD2j6yVdShjODvMjNSjqciED6HwgxMgbQZ62aZIXExRZG84
QgunCdtZu9hlEQZixCY5P/N5mPW6F+F6lUrUBSsfiOPKmWHeUfZMFJ2IdjRFDrNz
/Lm+IGSegTxKt44eswmla/EhDAama+hDvlq/qMvaht126cWydjjGlITaLg0xCvGD
bXK2CxlXurK/0bA2pvcW9sbWw/+F/R1lrGuKNBheIH9+J1ZBVnuvAmxhYQfWUAd0
y2Qh89LTLZ7ds8g2FFD7JtDtfARLH6K4bSp5W1Rsdz/Vfymmj9bc3pqHcZV+JA/b
AaSBSFkJ3D8qDVHpH9mmAk77ML30RWLP4YKKUuFE+nUIfe+b8TlSDAhDVnan8PIG
G7DQqzAm/bBZ4rM1MNW9HGl7L5EDEVRoppuCuA1mLJW9/12XSWFL7ZGExhQZFl28
+oiwaW0iWnkCl+/nK1V2u3m7Cn41nsJjrUM2EFuYrg==
=Sbsy
-----END PGP SIGNATURE-----
9 years, 8 months
Weekly bug count
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Critical: 3
Important: 65
Moderate: 378
Low: 131
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTyS/2AAoJEB/kgVGp2CYvxCcL/jsMLGU/cSZDdb6MSdGV7pqE
HWjCpQGS/zAnx66vhIM6Z9iivGAQnJz5tQI1fUFTN+xbFYrktQ0KPw3CmqayleJp
vOF+2ib3xv+tiL9yJVAZqvo/6aoyI+veXQsIneBnxQqPgfKRh7Cm2ElaOBM5WKd7
Yf0R5jPPR9sbiUd018IOiYijagiKXtKoWony5iRvx86nNz99LLc2k5mgm9hv4oqI
Wga4BLJ/26srL+RN80k1VCRa9mY7M60J/e7xD3mLwbe0TCHe+YE6ntzCGziEvw/R
yCOyEmlKtAMuG8mBMN7ooW7jmicB26/iQLOYkU3W5bQoocIX5ls4z3+8jFCrJTv6
WlnlLeyfMH79GDSB+pN0FoWy6YW7C3q+DZhfOGSullK5USiKDBkPvRooCi0hOXj/
JsSiQkM4jrbBT9/7hitrs6HkoKgGQUER8RHkyGY/TRcY3iWXgU9hGEPxdx6KpyLZ
J6xi5ozqS6Ai/shzqvJvC6qZVpDz9sU/QJr3903BqQ==
=X2QK
-----END PGP SIGNATURE-----
9 years, 8 months
Wiki page created
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I've started a wiki page[0] to collect information for the team. I'm not done with it, yet, but I've added the links to the different categories of vulnerabilities to make them easy to access. I'll keep populating the page with additional information and if anyone else would like to populate the page with any information... DO IT (it's a wiki, be bold).
[0] https://fedoraproject.org/wiki/Security_Team
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTyIZmAAoJEB/kgVGp2CYvBCML/A1tBbSnSxeOZFKTLHx0a7Vy
U6jejAOe6yQ0G57GB9/ucZOQsC82o/xUKJdkWfnjxKhWu1rvS4EGR1gunAWyRnsI
mw4Rkota6HYrV2q+Z1l6+rW5M501lab4/lGz9m7eYqEpUW8i9VC39QVSRez1Us5I
uRQaMfLCvucuXsUcAwUwH3v2fH2H/pyyMXLkUfhY+cOujxmISL+q3XlJbwzCSi3c
mJC4HimhcYi583qdgWC2f3GnGBfiUqd5YdyzNsJVLo9hnXsCb5xbolI+oihyqSsM
c6lQeeBW7XwZbLL1Pjh1NCOcDAkD07HsyDw8PiGinUfe98ahv9ARaWMkg6SKJNgX
KKVnd/Avr1W+Y/hwRc6MRlODYRUHHIND1plbljiwD7yffVqVu7fVgBBzeK+swVQV
FtIlNePmA49o/ineOpl0vcp/5Kt/99taGMLRDmmu1ybQrk76iBaCVc+/MhjmLHU0
pUQM1SEUV+SQZNsldfecXNs6eKQS0B28M7nSNytILQ==
=ktwJ
-----END PGP SIGNATURE-----
9 years, 8 months