Date: Wed, 3 Jun 1998 15:24:50 +0100
From: Damir Rajnovic
Subject: CISCO PIX Vulnerability

Hello there,

Additional details regarding CISCO's Field Notice - PIX Private Link Key
Processing and Cryptography Issues

CISCO PIX Private Link feature uses DES key that is only 48 bits in length.
It is not obvious straight away since key is internally expanded from
7-bytes (as entered in command line) to 8-bytes that is used by DES. If you
dig into that expansion algorithm you'll find that third byte, counting
from the right, is not used at all. This is how key is expanded:

#!/usr/local/bin/perl

# Key used by DES
@key_data=( 0, 0, 0, 0, 0, 0, 0, 0 );

# Key entered in LINK statement
@key_in = ( 0x00, 0x00, 0x00, 0x00, 0x00, 0xda, 0xaa );

# Key expansion algorithm
$byte = ($key_in[6] & 0x3F) << 2;
$key_data[6] |= $byte;
$byte = ($key_in[6] & 0xC0) >> 5;
$key_data[5] |= $byte;
$byte = ($key_in[5] & 0x7F) << 1;
$key_data[7] = $byte;
$byte = ($key_in[5] & 0x80) >> 6;
$key_data[6] |= $byte;
#
# Byte 4 (from left) seems to be ignored
#
$byte = ($key_in[3] & 0x01) << 7;
$key_data[1] |= $byte;
$key_data[0] = ($key_in[3] & 0xFE );
$byte = $key_in[2] & 0x03;
$key_data[2] |= ($byte << 6);
$byte = ($key_in[2] & 0xFC) >> 1;
$key_data[1] |= $byte;
$byte = $key_in[1] & 0x07;
$key_data[3] |= ($byte << 5 );
$byte = $key_in[1] & 0xF8;
$key_data[2] |= ($byte >> 2);
$byte = $key_in[0] & 0x0F;
$key_data[4] |= ($byte << 4);
$byte = $key_in[0] & 0xF0;
$key_data[3] |= ($byte >> 3);
#
# Now you can use key in @key_data for encryption

Apparently, knowing what bits are fixed will not bring attacker
any additional 'gain' in breaking a DES. At least I was told that by
people from sci.crypt group.

Another thing is that PIX is using DES in ECB mode. CISCO admits that
"....ECB is not generally considered to be the best mode in which to
employ DES,...." but you'll have to live with it. CISCO will not fix that
so you'll have to buy future IPSEC/IKE products.

Cheers,

Gaus

---------------------------------------------------------------
EuroCERT                        tel: (+44 1235) 822 382
c/o UKERNA                      fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK

---------------------------------------------------------------------------

Date: Wed, 3 Jun 1998 19:25:30 -0700
From: David Wagner
Subject: Re: CISCO PIX Vulnerability

In article you write:
> CISCO PIX Private Link feature uses DES key that is only 48 bits in length.
[...]
> Apparently, knowing what bits are fixed will not bring attacker
> any additional 'gain' in breaking a DES. At least I was told that by
> people from sci.crypt group.

Either the sci.crypt folks were confused, or I am. With only 48
unknown bits in the DES key, you can break the encryption 2^8 = 256
times faster than you can break DES. This is a serious weakness.

> Another thing is that PIX is using DES in ECB mode.

My god, that's atrocious! This is ``kindergarten crypto'' (to steal a
quote from Bruce Schneier).

You can probably break a fair amount of traffic with classical frequency
analysis (roughly like solving a simple substitution cipher like in the
back of the daily newspapers, only trickier). Stereotyped text and
headers should be easily recovered.

What's worse is that this has a nasty interaction with the weakening of
the key down to 48 bits. In export-weakened SSL, one adds some public
salt to the 40-bit secret key, to stop precomputation attacks; but note
that CISCO's algorithm adds no salt, so there are all sorts of
precomputation attacks possible.

The simplest attack (``the Exabyte attack'') is to encrypt some common
plaintext block (e.g. "\nlogin: ") under all 2^48 possible keys, and
store the 2^48 ciphertext results on a big Exabyte tape; then each
subsequent link-encryption key can be broken with O(1) effort. Thanks to
the ECB mode, such a common plaintext block should be easy to find.
(With a real chaining mode, these attacks are not possible under a
ciphertext-only assumption, because the chaining vector serves as a kind
of salt.)

A much more practical approach would use Hellman's time-space tradeoff.
There, you'd need only about 2^32 space (e.g. $100 at Fry's for a cheap
hard disk), plus you'd need to do a 2^48 precomputation. After the
precomputation, each subsequent link-encryption key can be broken with
about 2^32 trial encryptions.

So you should think of CISCO PIX as roughly 32-bit crypto... and that
might be an overstatement. I don't think I need to tell you that a 2^32
work factor is *trivial*. I could be breaking this in real-time, and I'm
only a grad student.

---------------------------------------------------------------------------

Date: Thu, 4 Jun 1998 07:54:00 +0100
From: Damir Rajnovic
Subject: Re: CISCO PIX Vulnerability

Hi there,

At 19:25 -0700 3/6/98, David Wagner wrote:
>In article you write:
>> CISCO PIX Private Link feature uses DES key that is only 48 bits in length.
>[...]
>> Apparently, knowing what bits are fixed will not bring attacker
>> any additional 'gain' in breaking a DES. At least I was told that by
>> people from sci.crypt group.
>
>Either the sci.crypt folks were confused, or I am. With only 48
>unknown bits in the DES key, you can break the encryption 2^8 = 256
>times faster than you can break DES. This is a serious weakness.

Probably I was unclear. What I want to say is that it does not matter
what bits inside key are known. It is the same if you know that first 8
bits are 0 or middle or end bits. In all cases you must put the same
effort to break encryption.
In that sense there is no 'additional gain' knowing WHAT bits are fixed;
it does matter only that some are fixed.

Cheers,

Gaus

---------------------------------------------------------------------------

Date: Wed, 3 Jun 1998 14:58:56 -0000
From: security-alert@CISCO.COM
Subject: Field notice: Cisco PIX Private Link key length issue

Field Notice:
PIX Private Link Key Processing and Cryptography Issues
=======================================================
June 3, 1998

Summary
=======
PIX Private Link is an optional feature that can be installed in Cisco PIX
firewalls. PIX Private Link creates IP virtual private networks over
untrusted networks, such as the Internet, using tunnels encrypted with Data
Encryption Standard (DES) in ECB ("electronic codebook") mode.

An error in parsing of configuration file commands reduces the effective
key length for the PIX Private Link DES encryption to 48 bits from the
nominal 56 bits.

Who Is Affected
===============
All users of the PIX Private Link encryption product with PIX software
versions earlier than the date of this notice are affected. This includes
all PIX Private Link software through version 4.1.6.

Impact
======
If attackers know the details of the key-parsing error in the PIX Private
Link software, they will know 8 bits of the key ahead of time. This reduces
the effective key length from the attacker's point of view from 56 to 48
bits. This reduction of the effective key length reduces the work involved
in a brute-force attack on the encryption by a factor of 256. That is,
knowledgeable attackers can, on the average, find the right key 256 times
faster than they would be able to find it with a true 56-bit key.

In addition to this key-length issue, some customers have expressed concern
over the use of DES ECB mode for PIX Private Link encryption. Although the
use of ECB mode is intentional, ECB is not generally considered to be the
best mode in which to employ DES, because it tends to simplify certain
forms of cryptanalysis and may permit certain replay attacks.

Technical details of the relative merits of various encryption modes are
beyond the scope of this document. Interested readers should refer to a
cryptography text for more information, such as Bruce Schneier's Applied
Cryptography.

Details
=======
This vulnerability has been assigned Cisco bug ID CSCdk11848.

Affected Software Versions
------------------------
This vulnerability affects all released versions of PIX Private Link
software with version numbers up to and including 4.1.6, and all
beta/interim software released earlier than the date of this notice.

Planned Software Fixes
--------------------
The first regular release containing a fix for this problem will be version
4.2.1, which is tentatively scheduled for release in late June 1998. This
schedule is subject to change. Fixes for the 4.1 software release have not
yet been scheduled.

This fix extends the effective DES key length to a full 56 bits; ECB mode
is still used.

Customers who need to upgrade immediately may contact Cisco's Technical
Assistance Center (TAC) to obtain interim software. Interim software has
not been subjected to full testing; it has a greater chance of containing
serious bugs than would regular released software. Interim releases are
available only by special request from the Cisco TAC, not via the regular
download channels. Cisco advises customers to install interim releases only
if absolutely necessary. Customers who choose to install interim releases
should plan to upgrade to the regular released software when it becomes
available.

When the fix is installed, it will be necessary to upgrade both ends of
each Private Link tunnel at the same time. This is because the modified key
parsing algorithm will lead old and new versions to derive different
encryption keys from the same configuration file.

Software upgrades to correct this key-length problem will be offered free
of charge to all PIX Private Link customers, regardless of their service
contract status. Customers under contract may obtain upgrades through their
usual procedures. Customers not under contract should call the Cisco TAC.
Contact information for the TAC is in the "Cisco Security Procedures"
section at the end of this message, and is available on Cisco's Worldwide
Web site at http://www.cisco.com/.

The use of ECB mode was a deliberate design decision for the PIX Private
Link product, and will not be changed. However, future IPSEC/IKE products
for the PIX platforms will use other encryption modes.

Workarounds
---------
There is no configuration workaround.

Exploitation and Public Announcements
=====================================
Cisco has had no reports of malicious exploitation of this vulnerability.

Cisco knows of no public announcements of this vulnerability before the
date of this notice.

This vulnerability was discovered by an engineering analysis conducted by a
Cisco customer at a security incident response organization.

Status of This Notice
=====================
This is a final field notice. Although Cisco cannot guarantee the accuracy
of all statements in this notice, all the facts have been checked to the
best of our ability. Cisco does not anticipate issuing updated versions of
this notice unless there is some material change in the facts. Should there
be a significant change in the facts, Cisco may update this notice.

Distribution
----------
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/770/pixkey-pub.shtml.
In addition to Worldwide Web posting, the initial version of this notice is
being sent to the following e-mail and Usenet news recipients:

   * cust-security-announce@cisco.com
   * firewalls@lists.gnac.net
   * comp.security.firewalls
   * bugtraq@netspace.org
   * first-teams@first.org (includes CERT/CC)
   * Various internal Cisco mailing lists

Future updates of this notice, if any, will be placed on Cisco's Worldwide
Web server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
URL given above for any updates.

Revision History
--------------
Revision 1.0, Initial released version 08:00 AM US/Pacific, 03-JUN-1998

Cisco Security Procedures
=========================
Please report security issues with Cisco products, and/or sensitive
security intrusion emergencies involving Cisco products, to
security-alert@cisco.com. Reports may be encrypted using PGP; public RSA
and DSS keys for "security-alert@cisco.com" are on the public PGP
keyservers.

The alias "security-alert@cisco.com" is used only for reports incoming to
Cisco. Mail sent to the list goes only to a very small group of users
within Cisco. Neither outside users nor unauthorized Cisco employees may
subscribe to "security-alert@cisco.com".

Please do not use "security-alert@cisco.com" for configuration questions,
for security intrusions that you do not consider to be sensitive
emergencies, or for general, non-security-related support requests. We do
not have the capacity to handle such requests through this channel, and
will refer them to the TAC, delaying response to your questions. We advise
contacting the TAC directly with these requests. TAC contact numbers are as
follows:

   * +1 800 553 2447 (toll-free from within North America)
   * +1 408 526 7209 (toll call from anywhere in the world)
   * e-mail: tac@cisco.com

All formal public security notices generated by Cisco are sent to the
public mailing list "cust-security-announce@cisco.com".
For information on subscribing to this mailing list, send a message
containing the single line "info cust-security-announce" to
"majordomo@cisco.com". An analogous list, "cust-security-discuss@cisco.com"
is available for public discussion of the notices and of other Cisco
security issues.

This notice is copyright 1998 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the notice,
provided that redistributed copies are complete and unmodified, including
all date and version information.
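
---------------------------------------------------------------------------

Added example (not part of the original thread, and not Cisco's code): the key expansion posted in the first message, ported to Python, with an audit that reports which configured key bytes have no effect and which DES key bits never vary. The function names and the GF(2) rank measurement are this example's own and go slightly beyond the thread; the rank is valid because the expansion only routes bits, which the code checks on random keys.

```python
import random

DES_USED = 0xFEFEFEFEFEFEFEFE  # DES ignores the low (parity) bit of each key byte

def expand_key(key_in):
    """Port of the posted Perl: 7 configured key bytes -> 8-byte DES key."""
    if len(key_in) != 7:
        raise ValueError("the LINK key is 7 bytes long")
    k = [0] * 8
    k[6] |= (key_in[6] & 0x3F) << 2
    k[5] |= (key_in[6] & 0xC0) >> 5
    k[7] = (key_in[5] & 0x7F) << 1
    k[6] |= (key_in[5] & 0x80) >> 6
    # key_in[4] is never read, exactly as in the posted code
    k[1] |= (key_in[3] & 0x01) << 7
    k[0] = key_in[3] & 0xFE
    k[2] |= (key_in[2] & 0x03) << 6
    k[1] |= (key_in[2] & 0xFC) >> 1
    k[3] |= (key_in[1] & 0x07) << 5
    k[2] |= (key_in[1] & 0xF8) >> 2
    k[4] |= (key_in[0] & 0x0F) << 4
    k[3] |= (key_in[0] & 0xF0) >> 3
    return bytes(k)

def expand_int(key56):
    """Same mapping on integers: 56-bit configured key -> 64-bit DES key."""
    return int.from_bytes(expand_key(key56.to_bytes(7, "big")), "big")

def is_bit_linear(trials=2000, seed=1998):
    """True if expand(a ^ b) == expand(a) ^ expand(b) on random keys, which
    justifies measuring the key space with GF(2) rank below."""
    rng = random.Random(seed)
    pairs = ((rng.getrandbits(56), rng.getrandbits(56)) for _ in range(trials))
    return all(expand_int(a ^ b) == expand_int(a) ^ expand_int(b) for a, b in pairs)

def gf2_rank(vectors):
    """Rank over GF(2) of bit vectors given as ints (Gaussian elimination)."""
    pivots = {}  # index of highest set bit -> reduced vector
    for v in vectors:
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = v
                break
            v ^= pivots[top]
    return len(pivots)

def audit():
    """Find configured bits with no effect and DES key bits that never vary."""
    # influence[i]: DES-relevant output bits that flip when input bit i flips
    influence = [expand_int(1 << i) & DES_USED for i in range(56)]
    reachable = 0
    for mask in influence:
        reachable |= mask
    effective = gf2_rank(influence)
    return {
        "linear": is_bit_linear(),
        # bit i of the 56-bit integer lives in key_in[6 - i // 8]
        "dead_input_bytes": sorted({6 - i // 8 for i, m in enumerate(influence) if not m}),
        "stuck_des_bits": (DES_USED & ~reachable).to_bytes(8, "big").hex(),
        "effective_bits": effective,
        "work_reduction": 2 ** (56 - effective),
    }

if __name__ == "__main__":
    # Sample key from the posted Perl script
    print(expand_key([0x00, 0x00, 0x00, 0x00, 0x00, 0xDA, 0xAA]).hex())
    print(audit())
```

The same audit can be pointed at any key-parsing routine before deployment: a non-empty dead_input_bytes or stuck_des_bits result means the configured key length overstates the real one.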