The Diceware Security Blog: thoughts on computer and Internet security from the developer of <a href="http://www.diceware.com">Diceware</a>, Arnold Reinhold.<br />
<br />
<b>Announcing Rock Salt™</b> (August 4, 2016)<br />
<br />
Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Combined with the commonly employed measure of limiting the number of unsuccessful login or password-verification attempts, it allows users to choose relatively simple passwords with full security. The secret component cannot easily be leaked or exfiltrated by malware, does not require periodic backup, and is isolated in a way that lets it be protected from attackers who somehow gain access to the computing facility by conventional physical security measures, such as safes, alarm systems and video surveillance.<br />
<br />
I announced Rock Salt on Tuesday, August 2, 2016 at the Passwords16 conference in Las Vegas. My presentation slides are now available at <a href="https://www.researchgate.net/publication/305849439_Rock_Salt_A_Method_for_Securely_Storing_and_Utilizing_Password_Validation_Data">https://www.researchgate.net/publication/305849439_Rock_Salt_A_Method_for_Securely_Storing_and_Utilizing_Password_Validation_Data</a><br />
<br />
Video of the presentation should be available soon at passwordscon.org.<br />
<br />
<b>My Thoughts on Strong Encryption</b> (December 17, 2015)<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
The White House recently asked the public to “Share Your Thoughts on Strong Encryption.” <a href="https://www.whitehouse.gov/webform/share-your-thoughts-onstrong-encryption">Here is the link</a> to the White House comment form, and here is what I wrote:</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; text-align: center;">
<b>Response to the White House request to </b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; text-align: center;">
<b>“Share Your Thoughts on Strong Encryption"</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; text-align: center;">
Comments by </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; text-align: center;">
<b>Arnold G. Reinhold</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; text-align: center;">
December 13, 2015</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
In September 1999, I wrote a briefing paper for the Cato Institute titled <i>“Strong Cryptography: The Global Tide of Change.”</i> It’s available on-line at: </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<a href="http://object.cato.org/sites/cato.org/files/pubs/pdf/bp51.pdf">http://object.cato.org/sites/cato.org/files/pubs/pdf/bp51.pdf</a> </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Back then the Clinton administration wanted encryption systems to include a feature allowing government access to encrypted data, just as the FBI wishes today. Sixteen years ago I wrote:</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
“Cryptographic technology is so widespread that it is impossible to stop. If any major governments, terrorist organizations, or drug cartels are not now using strong cryptography, it is not because of lack of availability or lack of reliable suppliers. There are many firms overseas that are willing to provide cryptographic software, and, for better or for worse, some of the cryptographic products most widely available on the international market were originally made in the United States.“</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Concerning the risks of encryption backdoors, I wrote:</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
“…key recovery will create new targets for miscreants to attack. Given the enormous value that the data in key repositories represents, it is only a matter of time before they will be compromised. Even the best security arrangements are vulnerable to bribes, blackmail, and threats of bodily harm. Over time, commitment to security will wither under cost pressures and boredom.“</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
We saw an example of the latter point this year at the Office of Personnel Management when the security clearance forms and data of millions of cleared workers, including all our intelligence agents, were electronically stolen by China.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<b>Tools for surveillance have multiplied since 1999</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Since my briefing paper appeared, there have been many changes in technology and legislation that have enhanced the ability of law enforcement and the intelligence community to track terrorists and gather evidence:</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o The dramatic drop in the cost of mass storage (by a factor of over 300) has allowed the indefinite retention of almost every detail of each American’s lives. Lower storage and processing costs have enabled the big data movement, which stores and analyzes every financial transaction we make as well as all our interactions with the Internet. As business records, such data is available to the government without search warrants.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o The Patriot Act was passed giving the FBI broader power to demand data through secret National Security Letters, hundreds of thousands of which have been issued. The act was also interpreted by the Bush administration to allow wholesale collection of metadata on every U.S. citizen’s telephone and electronic communications, creating a database that reveals each person and organization with whom we communicate. While recent legislation has moved this database from government data centers to those of the private telecommunication carriers, it is still available for government search.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o The growth of cell phone usage to near ubiquity has, as a by-product, allowed the movements of every individual who carries one to be tracked at all times. Newer phones with built-in GPS must, by law, allow tracking to the nearest 50 meters for most calls. While this data is only needed temporarily to route calls and pass on location data to emergency responders, it is being stored indefinitely. Again, as business records, this data is available to the government without search warrants.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o License plate readers have become cheap and reliable, and are being used on traffic signals and roving police patrol cars, providing another means to track our movements. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o Surveillance video cameras have become common and are being linked in many jurisdictions. Combined with rapidly improving face recognition software, they provide yet a third way to track individuals, even those who avoid cell phones and private automobiles. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o The rise in social media has placed a vast array of information about individuals on line. Accounts associated with terrorist organizations designed to recruit new terrorists can and no doubt do provide a wealth of intelligence about potential threats.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o We now know that the NSA has actively worked to weaken security standards intended to protect electronic communication systems, many of which are essential to civil safety. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o We also learned that the NSA has developed an extensive catalog of technologies that can infiltrate computer network systems and circumvent their encryption.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
These new technologies have greatly expanded the arsenal of our law enforcement and intelligence agencies, but they also threaten to entrench despotic regimes around the world by creating a totalitarian infrastructure far beyond what George Orwell imagined in <i>1984</i>. Use of strong encryption to protect our personal records and communications from government snooping is one of the last lines of defense for individuals here and abroad who wish to resist oppressive governments. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<b>We need stronger security systems, not weaker</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Since 1999, the dangers of weak electronic security have become all too clear.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o There has been a long series of massive data breaches affecting even companies in the security industry. Tens of millions of U.S. citizens have been affected.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o Cyber criminals have developed “ransomware” systems so effective that the FBI’s best advice to victims is to pay the ransom. Even police departments have paid.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o Current government officials have warned of the dangers of cyber attack from China, Russia, North Korea, Iran, and even ISIL.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
o In particular there is evidence that computers that control critical infrastructure, such as our water supplies and the electric power grid have already been infiltrated by malware controlled by foreign actors.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Weakening the security of our electronic networks is the last thing we should be considering in light of these threats.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<b>We don’t want the terrorists to go silent</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
The recent attacks in Paris and San Bernardino demonstrate that small, self-sufficient terror cells need not communicate electronically in ways that would reveal their intentions. It does not take much imagination to see how others can do this in the future. U.S. government action to require backdoors in encryption products would only alert terrorists to shun any electronic communication whatsoever in planning their operations. Even if backdoored encryption exposes a few terrorist plots, others intent on evil will soon learn the lesson. But a great deal of valuable information can be gleaned from patterns of electronic communication, even if the messages themselves cannot be read. Requiring backdoors could shut off this valuable intelligence and truly blind us.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<b>Please don’t weaken our security</b></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Weakening the encryption on the computers we use has damaged and will continue to damage the security of our infrastructure, but it won’t stop the terrorists. As I wrote in 1999: </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
“… the simple reality that strong encryption is widely available around the globe can rescue us from endless debate.”</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Respectfully submitted,</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Arnold G. Reinhold</div>
<br /><b>It's Back to the Future day!</b> (October 20, 2015)<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Tomorrow, October 21, 2015, is <i>Back to the Future</i> day. It's the date when the characters in the 1989 sequel <i>Back to the Future, Part II</i> arrive in the future, 30 years ahead of the 1985 of the first film. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
In the first movie of the trilogy, <i>Back to the Future, Part I,</i> Doc Emmett Brown accidentally sends Marty McFly 30 years back to 1955 carrying a 1985 camcorder. Unable to use the broken DeLorean time machine to get back to ’85, Marty looks up the younger 1955 Doc Brown, who marvels at the camcorder, calling it “astounding, a television studio in a box,” and is able to hook it up to his 1955 black and white TV. Was that realistic?</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
The transistor was invented at Bell Labs in late 1947, and the possibility of integrated circuits was being discussed in the early 1950s. In 1955 TV studios were recording programs on movie film using kinescope technology. Ampex Corporation sold the first commercial video tape recorder, the $50,000 VR-1000, in 1956, but it is quite possible a know-everything inventor like Doc was already aware of the technology being developed. The video output from the 1985 camcorder would have been on a clearly marked RCA connector. Those connectors date back to the 1940s, when RCA introduced them to allow record players to be connected to radio consoles. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Attaching an oscilloscope to the connector, Brown would quickly recognize a baseband television signal. It would be “compatible color” NTSC, but that standard came out in 1953, so it would not be foreign to him. Television receivers of the time did not generally have a video input, but adding one to a vacuum tube receiver would not be hard at all; a capacitor to the grid of the video amplifier stage would do it. And since NTSC color was designed to be compatible with older black and white sets, it all should just work.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Presumably Marty’s camcorder batteries were not completely discharged, and it would be simple for Doc Brown to measure their voltage (if it wasn’t clearly marked on the unit) and hook up a suitable low-voltage DC power supply, or even a battery.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
So yes, that scene in the film was realistic.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Now suppose the movie were remade 30 years later, in 2015, the arrival year in <i>Back to the Future, Part II</i>. Marty would presumably be carrying an iPhone 6s. What would a 1955 Doc Brown have made of that? </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Connecting the iPhone to his 1955 TV seems unlikely. The iPhone does not output an NTSC analog TV signal. The video signal it does output was unknown in 1955 and likely too fast for Doc’s oscilloscope to decode. While composite video adaptors are available, there is no reason Marty would have one with him. But of course Doc Brown could have watched the video on the iPhone itself.</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
Power is a bigger problem. If Marty happened to have a standard USB AC adaptor and Apple Lightning cable, it would plug into a 1955 ungrounded wall outlet, without any adapter. If not, Doc would likely be stumped. The Lightning plug has a chip inside that authenticates itself to the iPhone to prevent cables unauthorized by Apple from working, so there would be no way for Doc to connect external power through that port. The best he could do would be to carefully open the iPhone case, tricky to do without damaging the delicate insides, and charge the battery directly. </div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal; min-height: 14px;">
<br /></div>
<br />
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
In short, while a 1985 Camcorder would be comprehensible to a 1955 inventor, a 2015 iPhone would be darn close to magic. What will 2045 bring? Will vintage movie buffs be able to understand <i>Back to the Future</i> without interpretive notes?</div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; line-height: normal;">
The lesson for computer security: It's hard to predict the future of technology. Long term security requires very conservative designs. </div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>Time to add a word</b> (March 5, 2014)</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
For the average user I now recommend a passphrase with <b>six</b> Diceware words, or five words with one extra character chosen and placed at random. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
This is a change from my previous advice. Since Diceware was created in 1995, I have recommended five words as a suitable passphrase length for an average user. For people with more stringent requirements and where the passphrase was being used directly to form a cryptographic key, I have suggested 6 words or more.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
I had previously written that longer Diceware passphrases might be vulnerable by about 2014. Well, it's 2014. Today criminal gangs probably have access to more computing power than the NSA did when the Diceware page first appeared. So I am upping my passphrase length advice by one word.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
To understand why, <a href="http://m.techspot.com/news/51044-25-gpu-cluster-can-brute-force-windows-password-in-record-time.html">here is an article</a> about a password cracking machine built using 25 AMD Radeon graphics cards. It can test 350 billion candidate passwords per second against Microsoft Windows’ NTLM password hash, and its builders claim it can exhaust every random 8-character password in under six hours. At that rate, a 5-word Diceware passphrase (7776 to the fifth power, about 2.8 × 10^19 possibilities) would take about 11,000 hours on average, roughly 15 months, to find, assuming the attacker knew you were using Diceware and developed equally efficient software that tries only valid Diceware words. And NTLM, a single unsalted hash of the password, is one of the easiest password hashing algorithms to attack.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Criminal gangs have built botnets from thousands of computers infected with their malware. Marshaling large numbers of these computers they control might allow them to crack a five word passphrase in a reasonable amount of time. But tying up thousands of computers is probably more effort than criminals would want to expend on an average person’s data. They have many potential victims with weaker passwords that take much less work to exploit.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Still, computing power keeps increasing, especially in advanced graphics processors, which are easily adapted to cracking work. Five words would still be enough for most uses if software designers used good key stretching, but too many do not, and it is hard to know for sure which do. So I felt it was time to recommend that longer passphrases start being used. If you are using a 5 word passphrase, consider adding a random character as I suggest at diceware.com. It will make your passphrase about a thousand times more difficult to crack. Adding a sixth word makes it 7776 times harder. Take your pick, and read the Diceware.com FAQ for more information.</div>
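The cracking-time arithmetic in this post, carried through as an added worked example (this is not code from diceware.com or from the original post). It assumes the attacker knows Diceware is in use and tries only valid words at the 350 billion guesses per second NTLM rate cited above; it models the diceware.com extra-character trick as a 36-symbol table inserted at one of about six positions in one of the words (an assumption used only to reproduce the "about a thousand times" estimate); and the key-stretching factor is a hypothetical parameter, not a measurement of any particular product. The dice_to_index mapping is the usual base-6 reading of five dice, with the OS random number generator standing in for physical dice.

```python
"""Diceware passphrase strength against a GPU cracking rig.

Added worked example; not code from diceware.com or the original post.
Assumptions (not from the post): the attacker knows Diceware is in use and
guesses only valid words, at the 350 billion guesses/s NTLM rate cited in
the post; the extra-character trick draws from a 36-symbol table inserted at
one of about six positions in one of the words; key-stretching factors are
hypothetical parameters for comparison.
"""
import math
import secrets

WORDLIST_SIZE = 6 ** 5        # 7,776 words: five dice, six faces each
NTLM_RATE = 350e9             # guesses per second for the 25-GPU rig
EXTRA_CHAR_SYMBOLS = 36       # assumed size of the extra-character table
EXTRA_CHAR_POSITIONS = 6      # assumed insertion positions per word


def dice_to_index(rolls):
    """Map five dice rolls (each 1..6) to a word-list index 0..7775.

    The rolls are read as a base-6 number, first roll most significant,
    which is how a printed Diceware list is keyed (11111 -> first word).
    """
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls in the range 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_word_index():
    """Pick one word index with the OS CSPRNG (stand-in for real dice)."""
    return dice_to_index([secrets.randbelow(6) + 1 for _ in range(5)])


def search_space(words, extra_char=False):
    """Candidates an attacker who knows the scheme must consider."""
    n = WORDLIST_SIZE ** words
    if extra_char:
        # one symbol, in one word, at one position (assumed table/positions)
        n *= EXTRA_CHAR_SYMBOLS * words * EXTRA_CHAR_POSITIONS
    return n


def entropy_bits(space):
    """Strength in bits of a uniformly chosen passphrase from `space`."""
    return math.log2(space)


def average_crack_hours(space, rate=NTLM_RATE, stretch=1):
    """Average-case search time: half the space at `rate` guesses/s,
    slowed by a key-stretching factor `stretch` (1 = unstretched NTLM;
    e.g. 100_000 for a PBKDF2-class iteration count)."""
    return (space / 2) / (rate / stretch) / 3600


def strength_report(configs, stretch=1):
    """Return {label: (bits, hours)} for each (words, extra_char) config."""
    out = {}
    for words, extra in configs:
        space = search_space(words, extra)
        label = f"{words} words" + (" + extra char" if extra else "")
        out[label] = (round(entropy_bits(space), 1),
                      average_crack_hours(space, stretch=stretch))
    return out


if __name__ == "__main__":
    print("example word index from CSPRNG dice:", roll_word_index())
    for stretch in (1, 100_000):
        print(f"\nkey-stretching factor {stretch}:")
        report = strength_report([(5, False), (5, True), (6, False)], stretch)
        for label, (bits, hours) in report.items():
            years = hours / 24 / 365.25
            print(f"  {label:18s} {bits:5.1f} bits  {years:14.1f} years average")
```

With these inputs five words come to about 64.6 bits and roughly 11,000 hours on average, about 15 months; the extra character multiplies that by about a thousand and a sixth word by 7776. A stretching factor of 100,000 multiplies it by another 100,000, which is why five words would still suffice if every verifier stretched keys properly; the trouble is that you usually cannot tell from the outside whether it does.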
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<br />
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<b>Making Random Letter Passwords Memorable</b> (December 25, 2013)<br />
<!--[if gte mso 9]><xml>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]-->
<div class="WordSection1">
<div align="center" class="MsoNormal" style="mso-outline-level: 1; text-align: center;">
<span style="font-size: 18.0pt;">Making Random Letter Passwords Memorable<o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="mso-outline-level: 1; text-align: center;">
Arnold G. Reinhold</div>
<div align="center" class="MsoNormal" style="mso-outline-level: 1; text-align: center;">
Cambridge, Massachusetts, USA<o:p></o:p></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
August 28, 2011<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Abstract<o:p></o:p></b></div>
<div class="MsoNormal">
A method is presented that accepts a random string of up to
10 letters and uses a look-up table to produce a mnemonic English sentence
having those letters as the initial letter of each word. This method offers
more predictable security than asking users who wish to create a strong
password to think of a sentence and use the initials of each word in that sentence
as the password.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Introduction<o:p></o:p></b></div>
<div class="MsoNormal">
As personal computers become more powerful, attacks on
password management systems are becoming difficult to prevent. Many
authentication systems protect passwords by storing only a cryptographic hash
of each password. However, if an attacker gains access to stored password
hashes, they can attempt to crack the hashes using dictionaries of common
passwords or brute force searches of all character combinations. The
availability of high performance general-purpose graphics processors (GPGPUs)
that can be programmed to carry out hash attacks exacerbates the problem (Davis
2011). Cybercriminals have assembled large networks of computers they control
(botnets) and can use the CPUs and GPUs on the compromised machines to attack password
hashes they have collected. Passwords used to generate cryptographic keys, such
as those used for disk encryption or to protect wireless networks, have similar
vulnerabilities.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In response to these threats, users are often encouraged (or
coerced) to employ stronger passwords. Common ways of doing this include
requiring a minimum length and a mix of upper and lower case letters, numbers
and special characters. The latter approach can have mixed results. Users often
follow predictable strategies to meet those requirements, modifying their
passwords in minimal ways that have only modest impact on an attacker’s search
difficulty.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Another common strategy suggests users think of a phrase
that is memorable and use the initial letters of each word in that phrase to
form their password, perhaps substituting words or letters with numbers or
symbols, <span style="font-family: Courier;">2Bor~2B?</span> for example. However,
this approach depends on the user being sufficiently clever and creative. Many users will choose common phrases, such
as lyrics from popular songs, and use predictable letter and word
substitutions, such as “$” for “S”, “1” for “L” and “3” for “E”. Also, the
distribution of initial letters of words in English and other natural languages
is far from uniform, giving attackers an additional advantage.</div>
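<div class="MsoNormal">
To make the last point measurable, the following is an added Python example (not code from the paper): it counts which letters begin words in a small constructed English sample, computes the Shannon entropy of that distribution, and compares it with the log2(26) bits per character that a uniformly random letter provides. SAMPLE_TEXT, the function names and the independence simplification are the example's own assumptions.</div>

```python
import math
from collections import Counter

# Constructed sample of ordinary English prose (not text from the paper).
# A real measurement would use a large corpus; the computation is the same.
SAMPLE_TEXT = """
The quick brown fox jumps over the lazy dog while the farmer watches from
the old barn. Nobody in the village expected the storm to arrive so early,
and the children were still playing in the fields when the first drops fell.
"""


def initial_letter_counts(text):
    """Count how often each letter begins a word in `text`."""
    counts = Counter()
    for token in text.split():
        word = token.strip(".,;:!?\"'()").lower()
        if word and word[0].isalpha():
            counts[word[0]] += 1
    return counts


def shannon_entropy_bits(counts):
    """Entropy, in bits per symbol, of the distribution given by `counts`."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total)
                for c in counts.values() if c)


def uniform_entropy_bits(alphabet_size=26):
    """Entropy per character when every symbol of the alphabet is equally likely."""
    return math.log2(alphabet_size)


def password_bits(length, bits_per_char):
    """Search-space size in bits for `length` characters drawn independently.

    Treating word initials as independent is a simplification; real phrases
    have word-to-word dependencies that lower the figure further, so this is
    an upper bound for the phrase-initials scheme.
    """
    return length * bits_per_char


def compare(text=SAMPLE_TEXT, length=10):
    """Bits for a `length`-letter password: initial-letter model vs. uniform."""
    observed = shannon_entropy_bits(initial_letter_counts(text))
    return {
        "initials_per_char": observed,
        "uniform_per_char": uniform_entropy_bits(),
        "initials_total": password_bits(length, observed),
        "uniform_total": password_bits(length, uniform_entropy_bits()),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print("%-18s %.2f bits" % (key, value))
```

<div class="MsoNormal">
On any realistic corpus the observed per-letter figure comes out well below the uniform 4.70 bits, which is the attacker's advantage the paragraph refers to; the ten-letter uniform case gives the roughly 47 bits that the random-password approach below relies on.</div>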
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
A more rigorously secure method is to offer users a password
made up of characters chosen completely at random. Selecting uniformly
distributed random characters offers the maximum possible entropy for a given
password length and character set. However, this approach is not widely
employed because of concerns that users find such passwords too difficult to
remember. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>The sentence
generator approach<o:p></o:p></b></div>
<div class="MsoNormal">
This paper proposes a different approach that offers the
best features of the last two methods. A fully random password is created first
and that password is then used to generate a mnemonic sentence – one where the
initial letters of each word form the password. Since the random password is
generated first, the selected sentence cannot diminish security, as long as it
is kept secret. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The sentence is generated from the password using a look-up
table, Table 1, which consists of 10 columns and 26 rows. Every column has 26
English words in alphabetical order, each starting with a different letter of the
alphabet (a-z). The one exception is the “x” row, where words starting with “ex”
are used. Each column contains one grammatical form. The columns are arranged
to produce a proper English sentence regardless of which row each word comes
from. The column pattern from left to right is: proper name, adjective, noun,
adverb, verb, adjective, noun, gerund, adjective, noun.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Given any string of 10 letters
from the English alphabet, Table 1 can generate an English sentence consisting
of ten words whose initials are those letters (with words that start with “ex”
standing for “x”). Thus any random password of 10 letters produces a unique
mnemonic sentence for that password. For example, the password <span style="font-family: Courier;">vmyhvxklke</span> generates the sentence:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><span style="font-family: Courier;">Vivian's merry yankees hopelessly
view excellent kings leaving keen energy. <o:p></o:p></span></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
While not all sentences generated in this way are
immediately meaningful, they can be easier to remember than the password
itself. Simple techniques, such as visualizing the scene suggested by the
sentence, can further aid memorization.<o:p></o:p></div>
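<div class="MsoNormal">
The generator described above, written out as an added Python example rather than code from the paper. It draws the password first from a cryptographically secure source, then looks each letter up in a partial copy of Table 1: rows A through D as printed on this page plus the ten cells recovered from the worked example <span style="font-family: Courier;">vmyhvxklke</span>. The dictionary layout, the function names and the "ex" handling in the reverse direction are the example's own choices; letters and columns not on this page are simply unknown to it.</div>

```python
import secrets
import string

# Column pattern of Table 1, left to right, as stated in the paper.
COLUMNS = ("name", "adj", "noun", "adv", "verb",
           "adj", "noun", "gerund", "adj", "noun")

# Partial copy of Table 1, keyed by (letter, column index).  Rows a-d come
# from the table as printed on this page (row d only as far as it is shown);
# the other cells are the ten words of the paper's worked example.
TABLE = {}


def _add_row(letter, words):
    """Register a (possibly partial) row of Table 1 for one initial letter."""
    for col, word in enumerate(words):
        TABLE[(letter, col)] = word


_add_row("a", ["Arnold's", "amazing", "artists", "always", "arrest",
               "angry", "ants", "arousing", "awful", "admiration"])
_add_row("b", ["Bob's", "big", "brothers", "boldly", "batter",
               "bossy", "boys", "bringing", "boastful", "bliss"])
_add_row("c", ["Charlie's", "cuddly", "cats", "craftily", "cover",
               "crazy", "crooks", "causing", "cold", "comfort"])
_add_row("d", ["Dona's", "deadly", "ducks"])
TABLE.update({("v", 0): "Vivian's", ("m", 1): "merry", ("y", 2): "yankees",
              ("h", 3): "hopelessly", ("v", 4): "view", ("x", 5): "excellent",
              ("k", 6): "kings", ("l", 7): "leaving", ("k", 8): "keen",
              ("e", 9): "energy"})


def random_password(length=10):
    """Uniformly random lowercase letters from the OS CSPRNG.

    The password is chosen before any sentence exists, which is what lets
    the paper argue that the mnemonic cannot reduce its entropy.
    """
    if not 1 <= length <= len(COLUMNS):
        raise ValueError("length must be between 1 and %d" % len(COLUMNS))
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))


def mnemonic_sentence(password):
    """Map letter i of `password` to the word in row `letter`, column i."""
    pw = password.lower()
    if not 1 <= len(pw) <= len(COLUMNS) or any(c not in string.ascii_lowercase for c in pw):
        raise ValueError("password must be 1-%d letters a-z" % len(COLUMNS))
    words = []
    for col, letter in enumerate(pw):
        try:
            words.append(TABLE[(letter, col)])
        except KeyError:
            raise ValueError("no word for %r in column %d (%s) in this partial table"
                             % (letter, col + 1, COLUMNS[col])) from None
    return " ".join(words) + "."


def password_from_sentence(sentence):
    """Recover the password from a sentence: the initial of each word, with a
    word beginning "ex" standing for x (Table 1's rule for the x row)."""
    letters = []
    for token in sentence.split():
        word = token.strip(".,;:!?\"'").lower()
        letters.append("x" if word.startswith("ex") else word[0])
    return "".join(letters)


if __name__ == "__main__":
    pw = random_password()
    print(pw)
    try:
        print(mnemonic_sentence(pw))
    except ValueError as err:
        print("partial table cannot cover this password:", err)
```

<div class="MsoNormal">
Running the script prints a fresh ten-letter password and, when every letter happens to fall in the rows this partial table carries, its sentence; with the full 26-row matrix from the paper every password is covered. The reverse mapping is included so a user can check that a remembered sentence really does reproduce the password.</div>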
<div class="MsoNormal">
<br /></div>
</div>
<div class="WordSection2">
<div class="MsoNormal">
<b>Table 1. Sentence generating matrix<o:p></o:p></b></div>
<div class="MsoNormal">
<br /></div>
<table border="0" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="border-collapse: collapse; margin-left: 4.65pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-table-layout-alt: fixed; mso-yfti-tbllook: 1184; width: 622px;">
<tbody>
<tr style="height: 13.0pt; mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">‑‑<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Name<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">adj<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">noun<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">adv<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">verb<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">adj<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">noun<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">gerund<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">adj<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">noun<o:p></o:p></span></b></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 1;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<br /></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">1<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">2<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">3<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">4<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">5<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">6<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">7<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">8<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">9<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">10<o:p></o:p></span></b></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 2;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">A<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Arnold's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">amazing<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">artists<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">always<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">arrest<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">angry<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">ants<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">arousing<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">awful<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">admiration<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 3;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">B<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Bob's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">big<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">brothers<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">boldly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">batter<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">bossy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">boys<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">bringing<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">boastful<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">bliss<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 4;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">C<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Charlie's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">cuddly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">cats<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">craftily<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">cover<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">crazy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">crooks<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">causing<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">cold<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">comfort<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 5;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">D<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Dona's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">deadly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">ducks<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">deftly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">drop<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">dumb<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">doctors<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">defying<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">dumb<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">delight<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 6;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">E<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Ed's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">empty<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">editors<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">easily<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">engage<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">eager<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">eels<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">enjoying<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">easy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">energy<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 7;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">F<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Frank's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">fine<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">frogs<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">foolishly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">fight<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">fat<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">foxes<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">finding<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">fast<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">fame<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 8;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">G<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Gloria's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">golden<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">goats<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">gaily<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">grab<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">green<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">goons<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">gaining<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">glorious<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">growth<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 9;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">H<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Hana's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">hot<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">hippos<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">hopelessly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">hold<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">heavy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">horses<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">helping<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">happy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">health<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 10;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">I<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Ivy's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">interesting<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">infants<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">intensely<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">inject<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">incompetent<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">idiots<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">insulting<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">intense<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">interest<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 11;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">J<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Jane's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">jolly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">judges<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">joyously<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">join<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">jealous<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">jokers<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">joining<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">juvenile<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">joy<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 12;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">K<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Ken's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">kissable<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">kittens<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">kindly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">keep<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">kinky<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">kings<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">killing<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">keen<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">karma<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 13;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">L<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Lucy's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">lonely<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">llamas<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">laughingly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">lash<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">lowly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">librarians<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">leaving<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">lurid<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">love<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 14;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">M<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Mary's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">merry<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">mermaids<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">morosely<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">mangle<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">mad<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">monsters<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">making<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">messy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">music<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">N</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Nancy's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">nice</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">nuns</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">noisily</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">nab</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">naughty</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">nerds</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">noting</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">neglected</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">nothingness</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">O</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Olga's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">old</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">owls</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">often</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">ogle</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">oily</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">orcs</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">owning</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">open</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">obsession</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">P</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Pete's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">pink</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">peacocks</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">playfully</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">pester</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">poor</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">pigs</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">packing</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">proud</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">power</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">Q</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Quincy's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">quiet</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">quails</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">quickly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">query</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">quaking</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">queens</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">questioning</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">queer</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">quality</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">R</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Randy's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">red</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">rodents</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">regretfully</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">ruin</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">rude</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">robbers</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">rejecting</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">redolent</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">refreshment</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">S</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Sue's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">smooth</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">snails</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">swiftly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">slay</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">snarky</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">slugs</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">seeking</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">simple</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">success</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">T</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Tom's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">tiny</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">tigers</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">timidly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">tackle</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">tired</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">thugs</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">testing</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">tenuous</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">truth</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">U</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Uri's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">urban</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">umpires</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">urgently</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">upset</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">ugly</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">uncles</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">urging</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">useless</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">unity</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">V</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Vivian's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">vivacious</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">vampires</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">vividly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">view</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">vicious</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">vandals</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">viewing</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">velvet</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">victory</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">W</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Walt's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wild</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wolves</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">willingly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wrestle</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wimpy</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wardens</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wishing</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">witty</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">wisdom</span></div></td>
</tr>
<tr style="height: 13.0pt;">
<td nowrap="" valign="bottom" width="23"><div class="MsoNormal"><b><span style="font-family: Verdana; font-size: 10.0pt;">X</span></b></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">Xavier's</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXotic</span></div></td>
<td nowrap="" valign="bottom" width="63"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXecutives</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXcitedly</span></div></td>
<td nowrap="" valign="bottom" width="45"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXpel</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXcellent</span></div></td>
<td nowrap="" valign="bottom" width="54"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXperts</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXtracting</span></div></td>
<td nowrap="" valign="bottom" width="59"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXtreme</span></div></td>
<td nowrap="" valign="bottom" width="68"><div class="MsoNormal"><span style="font-family: Verdana; font-size: 9.0pt;">eXcess</span></div></td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 26;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Y<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Yolanda's<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yelping<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yankees<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yearningly<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yank<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yellow<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">youths<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yielding<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yummy<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">yogurt<o:p></o:p></span></div>
</td>
</tr>
<tr style="height: 13.0pt; mso-yfti-irow: 27; mso-yfti-lastrow: yes;">
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 23.25pt;" valign="bottom" width="23">
<div class="MsoNormal">
<b><span style="font-family: Verdana; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Z<o:p></o:p></span></b></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">Zed's <o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zigzagging<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 63.0pt;" valign="bottom" width="63">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zebras<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zealously<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 45.0pt;" valign="bottom" width="45">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zone<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zany<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: .75in;" valign="bottom" width="54">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zombies<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zooming<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 58.5pt;" valign="bottom" width="59">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zesty<o:p></o:p></span></div>
</td>
<td nowrap="" style="height: 13.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 67.5pt;" valign="bottom" width="68">
<div class="MsoNormal">
<span style="font-family: Verdana; font-size: 9.0pt; mso-fareast-font-family: "Times New Roman";">zeros<o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal">
<br /></div>
</div>
<span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-language: AR-SA; mso-fareast-font-family: "MS 明朝"; mso-fareast-language: EN-US;"><br clear="all" style="mso-break-type: section-break; page-break-before: always;" />
</span>
<div class="MsoNormal">
<b>Strength of all-letter passwords<o:p></o:p></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
A 10-letter random password has 10 × log<sub>2</sub>(26) =
47.0 bits of entropy. For higher security, two sentences can be generated. If
both are 10 letters long, the resulting 20-letter password will have 94 bits of entropy,
well exceeding the NIST 800-63 guideline for cryptographic strength (80 bits).</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The table can be easily adapted to generate shorter
sentences. Thus a 9-letter password would simply omit column 9: <span style="font-family: Courier; font-size: 10.0pt;">Vivian's merry yankees hopelessly
view excellent kings leaving energy</span>. An 8-letter password could omit
columns 8 and 9 while making the word from column 8 possessive: <span style="font-family: Courier;">Vivian's merry yankees hopelessly view excellent
kings' energy</span>. For 7 letters, omit the last three columns, and so on.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Thus a 17-letter password, offering 80-bit security, could
be represented by a 10-word sentence and a 7-word sentence, or by a 9-word and an
8-word sentence.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Random passwords consisting of
only English letters have less entropy per character than random passwords
selected from a larger character set, but additional letters can be added to
make up the difference. For example, a
random password of 10 English letters has a bit more entropy than a 7-character
random password selected from all printable 7-bit ASCII characters (95
possibilities), which has 45.9 bits of entropy. To match the 65.7-bit entropy
of a 10-character all-printable-ASCII password such as <span style="font-family: Courier;">U{l>gPzH:Z</span> requires
an English-letter password of 14 letters, which is longer, but arguably more
memorable, at least when used with the method proposed here. Note that on many
mobile devices, such as the Apple iPhone, it is more difficult to type a
password randomly selected from all printable ASCII characters, because multiple
shifts are needed to reach the different groups of characters.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Other security impacts<o:p></o:p></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The sentence-generating table approach has few security
limitations. Of course, the sentence generated must be afforded the same level
of security protection as the password itself. And asking users to submit their
password over the Internet to get their sentence has obvious security risks. It
is better to display the sentence at the same time the password is generated, or to
perform the table lookup locally.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The choice of words has no security implication as long as there
is one word for each letter in the alphabet in every column. The words in Table
1 were selected to maximize the likelihood of a somewhat meaningful sentence,
while minimizing the likelihood of a sentence with sexually suggestive or scatological meaning. While some might find
an X-rated sentence easier to remember, others might find such sentences
offensive and organizations might be reluctant to employ such tables to avoid
creating a hostile work environment. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Tables for other
languages and alphabets are feasible. Different tables could be created for
variety, particularly when more than one sentence is needed to meet strength
objectives. Other possibilities for password mnemonics include random poems,
songs, haiku, limericks and similar short literary works. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Implementation<o:p></o:p></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
A 10-letter random password can be selected uniformly from
the English alphabet using a strong random number generator, such as
CryptGenRandom on Microsoft Windows systems and /dev/random on Unix, Linux or
Mac OS X systems. The Python programming language has a SystemRandom class that
uses either CryptGenRandom or /dev/random, depending on the operating system on
which it is running.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
An ideal
implementation would be to offer a user a randomly generated password and a
mnemonic sentence when a new account is created or a password is to be changed
on an existing account. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Users wishing to use
this system needn’t wait until it is adopted by password management systems. Strong
random passwords can be generated manually using dice, playing cards or letter
tiles. (Reinhold 2000)<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If numbers, upper case letters and special characters are
needed to meet a password composition policy, they can be added easily. Nouns can
be capitalized and normal sentence punctuation added. Such steps add security
only if an attacker is unaware of the method used; however, they never diminish
security. Net additional security can be achieved by prefixing the first and
second adjectives with a random number, in which case 3.3 bits of entropy are
added per digit. Such a sentence would still be meaningful to a user. For
example, <span style="font-family: Courier;">Vivian's 23 merry yankees hopelessly
view 7 excellent kings leaving keen energy</span> would yield the password <span style="font-family: Courier;">v23myhv7xklke</span>.</div>
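<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Worked example, added here and not code from the paper or from Diceware: a Python generator for the method described in the sections above. It draws the letters with SystemRandom, maps them to a sentence through a column table, recovers the password from a sentence (digits included), and reports the entropy figures from the strength section. The table in the code is constructed for the demo from the X, Y and Z rows of Table 1 only (the X row's first column is not reproduced here), so the demo password uses just those three letters; a real table supplies a word for every letter in every column. The shortening rule (drop column 9 first and keep the column 10 noun) and the rule that a word starting with "ex" stands for X are my reading of the worked examples in the text, not something the paper states in those terms.</div>

```python
"""Random all-letter password plus mnemonic sentence (added example).

Not the paper's own code. TABLE is constructed from the X, Y and Z rows of
Table 1 only (the X row's first column is missing here); a real deployment
needs one word for every letter in each of the ten columns.
"""
import math
import random
import re
import string
from typing import List

ALPHABET = string.ascii_lowercase
COLUMNS = 10  # 1 possessive name, 2 adjective, 3 plural noun, 4 adverb,
              # 5 verb, 6 adjective, 7 plural noun, 8 participle,
              # 9 adjective, 10 noun

_ROWS = {  # X words carry the letter in second position, hence "eX..."
    "x": [None, "eXotic", "eXecutives", "eXcitedly", "eXpel", "eXcellent",
          "eXperts", "eXtracting", "eXtreme", "eXcess"],
    "y": ["Yolanda's", "yelping", "yankees", "yearningly", "yank", "yellow",
          "youths", "yielding", "yummy", "yogurt"],
    "z": ["Zed's", "zigzagging", "zebras", "zealously", "zone", "zany",
          "zombies", "zooming", "zesty", "zeros"],
}
# TABLE[column][letter] -> word
TABLE = {col: {letter: row[col - 1] for letter, row in _ROWS.items()
               if row[col - 1] is not None}
         for col in range(1, COLUMNS + 1)}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def letters_needed(target_bits: float, alphabet_size: int = 26) -> int:
    """Shortest uniformly random string over alphabet_size symbols that
    reaches target_bits (e.g. 14 letters to match 65.7 bits)."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def password_entropy(password: str) -> float:
    """Letters contribute log2(26) bits each, inserted digits log2(10)."""
    letters = sum(c.isalpha() for c in password)
    digits = sum(c.isdigit() for c in password)
    return entropy_bits(letters, 26) + entropy_bits(digits, 10)


def generate_password(n: int = 10, digits: int = 0) -> str:
    """n letters chosen uniformly with the OS CSPRNG (random.SystemRandom
    reads os.urandom); if digits > 0, a run of that many random digits is
    inserted before the second letter, i.e. in front of the first adjective."""
    rng = random.SystemRandom()
    parts = [rng.choice(ALPHABET) for _ in range(n)]
    if digits:
        parts.insert(1, "".join(rng.choice(string.digits) for _ in range(digits)))
    return "".join(parts)


def columns_for_length(n: int) -> List[int]:
    """Columns used by an n-letter sentence: all ten for n == 10, otherwise
    columns 1..n-1 plus the closing noun in column 10 (column 9 is dropped
    first, then 8, and so on), following the worked examples in the text."""
    if not 1 <= n <= COLUMNS:
        raise ValueError("sentence length must be between 1 and 10 letters")
    return list(range(1, COLUMNS + 1)) if n == COLUMNS else list(range(1, n)) + [COLUMNS]


def sentence_from_password(password: str) -> str:
    """Map each letter to the word in the next column; digit runs are copied
    through unchanged. Raises KeyError for letters absent from the demo table."""
    tokens = re.findall(r"[a-z]|[0-9]+", password.lower())
    letters = [t for t in tokens if t.isalpha()]
    columns = iter(columns_for_length(len(letters)))
    words = []
    for tok in tokens:
        if tok.isdigit():
            words.append(tok)
            continue
        col = next(columns)
        word = TABLE[col][tok]
        if len(letters) == 8 and col == 7:  # text's example: "... kings' energy"
            word += "'" if word.endswith("s") else "'s"
        words.append(word)
    return " ".join(words)


def password_from_sentence(sentence: str) -> str:
    """Recover the password: the first letter of each word, except that a word
    beginning with "ex" stands for x (assumes no E-row word starts with "ex");
    digit tokens are copied through."""
    out = []
    for word in sentence.split():
        if word.isdigit():
            out.append(word)
        elif word.lower().startswith("ex"):
            out.append("x")
        else:
            out.append(word[0].lower())
    return "".join(out)


if __name__ == "__main__":
    demo = "yzxyzyxzyz"  # constructed so every letter is in the demo table
    print(demo, "->", sentence_from_password(demo))
    print("entropy: %.1f bits" % password_entropy(demo))
    print(generate_password(10, digits=2))  # random; letters may be outside the demo table
```

<div class="MsoNormal">
Both directions are kept separate so that the lookup can run locally, as the security section advises: a client that holds the table can turn a freshly generated password into its sentence without sending either over the network.</div>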
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Conclusion<o:p></o:p></b></div>
<div class="MsoNormal">
The difficulty of getting users to employ strong passwords is
a major challenge to cyber security. The method presented here can help in that
effort by giving users an easier way to remember a random password.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>References<o:p></o:p></b></div>
<div class="MsoNormal">
Davis 2011, Joshua Davis and Richard Boyd, <i>Teraflop Troubles: The Power of Graphics
Processing Units May Threaten the World’s Password Security System, </i>Georgia
Tech Research Institute Case Study, 2011<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Reinhold 2000, Arnold Reinhold, Picking a strong Passphrase
using Diceware, Internet Secrets, 2nd Edition, John R. Levine, Editor, Chapter
37, p. 831 IDG Books, 2000, ISBN 0-7645-3239-1, also www.diceware.com.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Copyright notice:<o:p></o:p></b></div>
<div class="MsoNormal">
Copyright © 2011 by
Arnold G. Reinhold. This paper, including Table 1, is hereby released by the
author under the terms of the Creative Commons 3.0 with Attribution License (CC-BY). <o:p></o:p></div>
<!--EndFragment-->
<div class="MsoNormal">
Arnold Reinhold</div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>Critique of NIST Entropy Source Guidelines (SP800-90B)</b> (posted 2013-02-21)</div>
<div style="font-family: Helvetica; font-size: 12px;">
As I've pointed out in previous Diceware blog posts, random number generation is a critical component of cryptographic systems. The U.S. National Institute of Standards and Technology (NIST) knows this too, and has published a guideline on the topic, NIST Special Publication 800-90. This document was revised in 2012 and split into three documents:</div>
<ul>
<li style="font-family: Helvetica; font-size: 12px;">SP 800-90A covers deterministic random number generators (DRNGs), also known as pseudorandom number generators. </li>
<li><span style="font-family: Helvetica; font-size: 12px;">SP 800-90B covers criteria for entropy sources (ES), the devices from which we get unpredictable randomness.</span></li>
<li><span style="font-family: Helvetica; font-size: 12px;">SP 800-90C discusses how to combine the entropy sources in 90B with the DRNG's from 90A to provide large quantities of unpredictable bits for cryptographic applications.</span></li>
</ul>
<div style="font-family: Helvetica; font-size: 12px;">
Note that 90B and 90C are still marked as drafts. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Most people don't consider standards documents good bedside reading material (a mistake, because they are a wonderful cure for insomnia). But they exert a strong influence on systems design in the long term. I have an interest in random number generation for cryptography --Diceware suggests using ordinary six-sided dice as a slow, but dependable, high quality source of entropy-- so I have tried to plow through these documents. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>The good news and the bad news</b></div>
<div style="font-family: Helvetica; font-size: 12px;">
Crypto system designers will find lots of useful information in the SP800-90 series, but there is one thing they won't learn: how to generate those all-important random numbers. None of the documents discuss actual sources of entropy, just how to package them as hardware and software objects, and ways to test them. Worse, the packaging and testing advice does not even address all the problems that can arise.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
As I see it, there are six classes of threats to cryptographic-grade random number generation:</div>
<ol>
<li style="font-family: Helvetica; font-size: 12px;">Hardware problems. This includes component failure, manufacturing variation and entropy sources that do not perform as advertised. </li>
<li style="font-family: Helvetica; font-size: 12px;">Data leakage. Most uses of cryptographic grade random numbers require that the numbers generated be kept secret. An attacker might use data leaked from the random number generation process to compromise security.</li>
<li style="font-family: Helvetica; font-size: 12px;">Provisioning failure. This affects newly installed or reset systems. They must not use random numbers to generate crypto objects before enough randomness (entropy) has accumulated.</li>
<li style="font-family: Helvetica; font-size: 12px;">Bad system design and programming. Even a small programming mistake can compromise security.</li>
<li style="font-family: Helvetica; font-size: 12px;">Subversion. If an attacker can trick a cryptographic system into using numbers generated by an algorithm under the attacker's control instead of the "official" RNG, they can defeat security in ways that are undetectable and do not require any channel back to the attacker.</li>
<li style="font-family: Helvetica; font-size: 12px;">Backdoors. There are many ways a bad guy could incorporate circuitry or firmware in an entropy source that produces bits which appear to be random but are, in fact, predictable enough to that bad guy to allow a security breach. Electronics manufacturing today is a transnational business. While the US government has a program to find entirely domestic sources for sensitive electronics, almost all commercial and consumer electronics contain components made in multiple countries.</li>
</ol>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>NIST to the rescue?</b></div>
<div style="font-family: Helvetica; font-size: 12px;">
In my view, NIST has only addressed the first three threats in SP800-90. It proposes a series of statistical tests to look for threat 1 and limits threat 2 by designing DRNGs in ways that a leak of their current state does not compromise numbers generated in the past, and by mandating unspecified security boundaries around the RNG process. The availability of dedicated hardware entropy sources, coupled with proper software design, should deal with threat 3. One purpose of having a software spec is to address threat 4, but excessive complexity, opaque writing and feature creep in the spec often just confuse designers and programmers.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
To achieve acceptable security, it is vital to address all six threats. If you are serious about cryptography you must have a healthy dose of paranoia. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
An entropy source is a potential single point of failure in a cryptographic system. And failures can be disastrous. For example, NIST's own Digital Signature Algorithm (FIPS-186) requires that a random number be generated for every signature. If two different documents are signed using the same random number, the private key used for all signatures can easily be recovered, allowing an attacker to forge valid signatures on any document they wish. The private signing key for Sony's PlayStation 3 software, a most valuable corporate asset, was compromised and made public in this way.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>Minimalism wins</b></div>
<div style="font-family: Helvetica; font-size: 12px;">
In my opinion, SP-800-90B goes wrong at the very beginning, with Figure 1, its Entropy Source Model. It allows an entropy source to include a conditioning element between the digitizer of the physical noise source and the ES output. Raw output is supposed to be provided for validation, but not necessarily to the user. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Better security would be afforded by a minimalist entropy source, consisting of a physical source of noise and a digitizer, and nothing more. Ideally it should be an output-only device, with a DC power source as its sole input. Any conditioning needed can and should be performed by the device consuming the random bits, not the entropy source. If one believes, as NIST evidently does, that conditioning algorithms can convert weak entropy sources into full-entropy random numbers, there is no need for anything beyond the digitization in the ES. Even health testing should be restricted to situations where a hardware test has an advantage over software. For example, an entropy source that digitizes amplified noise might include a simple analog circuit that averages the noise output. Otherwise, health tests are best left to software. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
The natural variations in a physical entropy source provide a useful means of verification. A bias in the 0-to-1 ratio that is traceable to how operating temperature affects the noise source could be tested, and provides an additional level of confidence in the source. A full-entropy source is therefore less trustworthy, since it is impossible to distinguish between it and a DRNG. The complex circuitry needed for full-entropy conditioning or elaborate health testing within an ES can also provide a place to hide a backdoor DRNG with constricted state. Input pins can provide a signal to open the back door by switching output from true entropy to the DRNG.</div>
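<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
To make the "leave health tests to software" point concrete, here is an added example (not from the post, and not NIST's reference code) that runs a minimal repetition count test and adaptive proportion test in the style of SP 800-90B's continuous tests, plus a 0/1 bias check of the kind the previous paragraph describes, over raw bits in the consuming software. The cutoffs are derived from an assessed min-entropy H per bit and a false-alarm rate of 2^-20; the exact boundary convention (fail when the count reaches the cutoff) and the sample streams are this example's own, and the os.urandom stream stands in for a digitizer's raw output only for the demo, since it is itself DRNG output.</div>

```python
"""Software health tests for raw entropy-source bits (added example).

Not from the original post or from NIST. A minimal form of the two
continuous tests SP 800-90B describes (repetition count, adaptive
proportion) plus a plain 0/1 bias check. Cutoffs come from the assessed
min-entropy H and alpha = 2^-20; the "fail when the count reaches the
cutoff" convention is this example's. All sample streams are constructed.
"""
import math
import os
from typing import Dict, List, Sequence

APT_WINDOW = 1024  # window size SP 800-90B uses for binary sources


def repetition_count_cutoff(h_min: float, alpha_log2: int = 20) -> int:
    """C = 1 + ceil(-log2(alpha) / H): a run of C identical samples has
    probability at most alpha if each sample carries H bits of min-entropy."""
    if h_min <= 0:
        raise ValueError("min-entropy must be positive")
    return 1 + math.ceil(alpha_log2 / h_min)


def repetition_count_test(samples: Sequence[int], cutoff: int) -> int:
    """Return the index at which a run of `cutoff` identical consecutive
    samples completes, or -1 if the stream passes."""
    run = 1
    for i in range(1, len(samples)):
        run = run + 1 if samples[i] == samples[i - 1] else 1
        if run >= cutoff:
            return i
    return -1


def adaptive_proportion_cutoff(h_min: float, window: int = APT_WINDOW,
                               alpha_log2: int = 20) -> int:
    """Smallest C such that a symbol of probability p = 2^-H occurs C or more
    times in `window` samples with probability below alpha (exact binomial
    tail, evaluated in log space so small terms underflow to 0 harmlessly)."""
    if h_min <= 0:
        raise ValueError("min-entropy must be positive")
    p = 2.0 ** -h_min
    alpha = 2.0 ** -alpha_log2
    lp, lq = math.log(p), math.log1p(-p)
    log_n_fact = math.lgamma(window + 1)
    pmf = [math.exp(log_n_fact - math.lgamma(k + 1) - math.lgamma(window - k + 1)
                    + k * lp + (window - k) * lq) for k in range(window + 1)]
    tail = 0.0
    for c in range(window, -1, -1):  # tail == P(X >= c), accumulated from the top
        tail += pmf[c]
        if tail >= alpha:
            return c + 1
    return 0


def adaptive_proportion_test(samples: Sequence[int], cutoff: int,
                             window: int = APT_WINDOW) -> int:
    """For each complete non-overlapping window, count how often the window's
    first sample recurs within it; return the index of the first window whose
    count reaches `cutoff`, or -1 if every window passes."""
    for w, start in enumerate(range(0, len(samples) - window + 1, window)):
        block = list(samples[start:start + window])
        if block.count(block[0]) >= cutoff:
            return w
    return -1


def ones_fraction_z(bits: Sequence[int]) -> float:
    """Standard deviations between the observed 0/1 ratio and the 0.5 expected
    of an unbiased source; a drift that tracks temperature would show up here."""
    n = len(bits)
    return (sum(bits) - n / 2) / math.sqrt(n / 4)


def bytes_to_bits(data: bytes) -> List[int]:
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def run_health_tests(bits: Sequence[int], h_min: float = 1.0,
                     z_limit: float = 4.0) -> Dict[str, bool]:
    """Run all three checks; True means that check passed."""
    rct = repetition_count_test(bits, repetition_count_cutoff(h_min))
    apt = adaptive_proportion_test(bits, adaptive_proportion_cutoff(h_min))
    return {"repetition_count": rct == -1,
            "adaptive_proportion": apt == -1,
            "bias": abs(ones_fraction_z(bits)) <= z_limit}


# Constructed streams standing in for a digitizer's raw output.
ALTERNATING = [i % 2 for i in range(2 * APT_WINDOW)]  # passes, though plainly not random
STUCK = [1] * (2 * APT_WINDOW)                        # failed component
BIASED = [1 if i % 10 < 7 else 0 for i in range(2 * APT_WINDOW)]  # 70 % ones

if __name__ == "__main__":
    streams = [("alternating", ALTERNATING), ("stuck", STUCK), ("biased", BIASED),
               ("os.urandom", bytes_to_bits(os.urandom(2 * APT_WINDOW // 8)))]
    for name, stream in streams:
        print(name, run_health_tests(stream))
```

<div style="font-family: Helvetica; font-size: 12px;">
The alternating stream passing all three checks is the caveat worth keeping in mind: continuous health tests catch a dead or badly biased source, not a source that has been replaced by something predictable, which is the post's threats 5 and 6.</div>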
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Adding elaborate health tests to entropy sources also increases the cost. It might well be better to include two independent simple entropy sources in a system rather than one with elaborate health testing built in. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
An entropy source module should be as simple and verifiable as possible. The engineering involved in its design and verification is distinct from general digital electronics. There needs to be a chain of custody from the design and verification, through manufacturing, installation and use. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
The specifications for an entropy source module should list elements that are not allowed. These might include:</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<ul>
<li style="font-family: Helvetica; font-size: 12px;">Any programmable element, such as a microprocessor or FPGA</li>
<li><span style="font-family: Helvetica; font-size: 12px;">Digital storage sufficient to remember previously generated entropy</span></li>
<li><span style="font-family: Helvetica; font-size: 12px;">Any clock with enough stability and range to provide predictable time of day information. (To prevent an attacker from knowing that weak numbers are generated at specific times.)</span></li>
<li><span style="font-family: Helvetica; font-size: 12px;">Any unexplained circuitry</span></li>
<li><span style="font-family: Helvetica; font-size: 12px;">Any technology designed to prevent reverse engineering of the module</span></li>
<li><span style="font-family: Helvetica; font-size: 12px;">any input pins besides ground and DC power </span></li>
</ul>
<div style="font-family: Helvetica; font-size: 12px;">
Things that are desirable include shielding, a tamper resistant package, revision codes, lot numbering and certification by the manufacturers that the unit is identical in design to units submitted for verification. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>SOC</b></div>
<div style="font-family: Helvetica; font-size: 12px;">
The approach I am suggesting requires some modification for single chip devices, such as smart cards. But even here the entropy source can be isolated to a region of the chip that can be inspected. While pins are expensive in complex integrated circuits, it may still be desirable to bring the output of the entropy source to a pin so it can be tested externally. Another approach might be to include a one-axis microelectromechanical (MEMS) accelerometer in the design. These can be easily tested externally and would allow entropy accumulation during shipment. In any case, nothing should be done to prevent verification of the entropy source design by x-ray or other reverse engineering means.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>Conclusion</b></div>
<div style="font-family: Helvetica; font-size: 12px;">
Random number generation is the Achilles' heel of cryptographic systems; it's vital we get it right. The KISS principle -- keep it simple, stupid -- applies.</div>
<div style="font-family: Helvetica; font-size: 12px;">
Arnold Reinhold</div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
<b>NIST on Password Storage</b> (posted 2013-01-16)</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-TqaHf7_-oYw/UPbCPQLxV5I/AAAAAAAAAFE/Z5RLJtfLfSc/s1600/NIST+SP800-118+cover.tiff" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/-TqaHf7_-oYw/UPbCPQLxV5I/AAAAAAAAAFE/Z5RLJtfLfSc/s200/NIST+SP800-118+cover.tiff" width="173" /></a></div>
<br />
<div style="color: #242224; font-family: 'Times New Roman'; font-size: 13px; min-height: 16px;">
<span style="font-size: 15px;">Password storage is a part of almost any computer-based system and one that presents serious security issues. Numerous breaches have occurs, even in highly security conscious firms. These have revealed millions of user passwords. Strict laws in most US state and the EU now require notifying users of security breaches, making such breaches an expensive liability.</span><span style="font-size: 15px;"> </span></div>
<div style="color: #242224; font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="color: #242224; font-family: 'Times New Roman'; font-size: 15px;">
Yet clear advice on safe password storage is hard to find. The U.S. National Institute of Standards and Technology (NIST) has a <i>Guide to Enterprise Password Management (Draft),</i> SP800-118, published in April 2009, but it devotes a little more than one page to password storage and provides questionable advice, in my opinion. NIST SP800-118 suggests three ways to protect stored passwords: </div>
<div style="color: #242224; font-family: 'Times New Roman'; font-size: 13px; min-height: 16px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
<span style="color: #242224; font-size: 13px;">* </span><i>Using OS access control features to restrict access to files that contain passwords.</i> This is a no-brainer as a first line of defense, but it's not sufficient. OS access control features have proven inadequate in practice. Undoubtedly most, if not all, of the organizations that have suffered password breaches employed access control measures. Attackers bypass such measures by exploiting various software security flaws that allow privilege escalation.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
* <i>Encrypting files that contain passwords.</i> The problem here is that an attacker who bypasses those OS access control features to get at the encrypted passwords will likely be able to grab the encryption key as well, since it will be in active use by the system. NIST tries to justify the dangerous practice of storing plaintext passwords, saying "<i>cryptographic hashes may not be an option if an authentication protocol requires that an entered password be directly compared to a stored password.</i>" Any security benefit from such a protocol must be weighed against the risk of compromising all user passwords. The most common reason for comparing an entered password with a stored password is to see if the user is creating a password that is too similar to a previous password they used. This is one of the most hated and most easily bypassed password policy "security" measures. Most users subject to mandatory password change regimes have developed their own way to modify their last password just enough to pass the comparison screen. These methods are usually insecure and well known to attackers. If you run a high security system and you don't trust users to pick secure passwords, don't let them. Generate random passwords with sufficient entropy in a few different formats and let the user pick one they like. Users won't love this either, but at least it offers real security. I plan to talk more about this approach in a future post.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
* <i>Storing one-way cryptographic hashes for passwords instead of storing the passwords themselves.</i> Bingo. In my view, this is the only safe way to store passwords. Done right, hashing can protect user passwords of reasonable strength even if the entire password file is stolen. </div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
NIST goes on to say that <i>Federal agencies must protect passwords using FIPS-approved cryptographic algorithm implementations.</i> FIPS stands for <i>Federal Information Processing Standard.</i> But as I pointed out in my previous post, there is no FIPS-approved cryptographic algorithm that, by itself, is adequate to protect passwords. FIPS-approved cryptographic algorithms were all designed to be fast and efficient, good for most security applications but very bad for password storage. A specialized algorithm that consumes computer resources must be used, and such hashes can incorporate FIPS-approved cryptographic algorithms, allowing compliance with this guideline.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
NIST does have a guideline that documents a more suitable method for protecting stored passwords, SP 800-132 <i>Recommendation for Password-Based Key Derivation</i>, issued December 2010. It describes an algorithm for performing repeated hashes known as PBKDF2. Unfortunately, the document only discusses using it for "deriving cryptographic keys from passwords or passphrases," an important application to be sure, but the exact same method can be used to protect stored passwords. Apple uses PBKDF2 in Mountain Lion, its latest version of the Macintosh OS X operating system.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
Now I understand NIST has a lot on its plate, and SP 800-132 on PBKDF2 did come out after SP 800-118 on Password Management, but protecting stored passwords is an important security issue. I'd like to see NIST do several things: </div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
1. Update SP 800-118 to recommend the use of PBKDF2 as described in SP 800-132, and deprecate storing passwords as plaintext. Only a few details need to be spelled out, such as what PBKDF2 output key length and repetition count to use for various security levels. (NIST recommends 1000 iterations as a minimum; that's probably too low now. Apple uses around 20,000.) </div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
2. Start an effort to develop a better algorithm for password storage (perhaps PBKDF3) that either uses or prevents use of GPUs, preferably with options for both. Colin Percival's <i>scrypt</i> might be a good starting point. His promising approach is currently an IETF draft, but apparently no formal review has even begun.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
3. Consider certifying one of the SHA3 finalists that was <i>hard</i> to implement in hardware for use in password storage. </div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
4. Do a more thorough revision of SP 800-118 to provide clearer guidance on a range of issues. I plan to say more about this in a future post as well.</div>
<div style="font-family: 'Times New Roman'; font-size: 15px; min-height: 17px;">
<br /></div>
<div style="font-family: 'Times New Roman'; font-size: 15px;">
There are many computer security problems that seem intractable. Safe password storage is not one of them. We can fix this.</div>
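To make item 1 concrete, here is an added Python example (mine, not NIST's or this post's code) of a PBKDF2-HMAC-SHA512 password record that stores its own iteration count and salt, compares in constant time, and re-stretches a record whose count is below current policy the next time its owner logs in. The 1,000 and 20,000 iteration counts are the figures quoted above; the record format and the sample account are assumptions.

```python
import hashlib
import hmac
import os

HASH_NAME = "sha512"
DKLEN = 64                          # keep the full SHA-512 output
NIST_MINIMUM_ITERATIONS = 1_000     # SP 800-132 floor; too low today, as argued above
CURRENT_ITERATIONS = 20_000         # roughly what the post says Apple uses


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  salt: bytes = None) -> str:
    """Build a self-describing record 'pbkdf2-sha512$iterations$salthex$dkhex'.
    Storing the parameters beside the hash is what lets the work factor be
    raised later without a flag day (assumed record format)."""
    if iterations < NIST_MINIMUM_ITERATIONS:
        raise ValueError("iteration count below the accepted minimum")
    if salt is None:
        salt = os.urandom(16)       # 128-bit random salt per record
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                             salt, iterations, DKLEN)
    return f"pbkdf2-{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record: str):
    """Split a record into (algorithm, iterations, salt, derived key)."""
    alg, iters, salt_hex, dk_hex = record.split("$")
    return alg, int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str):
    """Return (ok, replacement).  'replacement' is a freshly stretched record
    when the stored one is weaker than current policy; the caller writes it
    back to the database.  Login is the only moment the plaintext is in hand,
    so it is the only moment an old record can be upgraded without forcing
    a password change."""
    alg, iterations, salt, stored_dk = parse_record(record)
    if alg != f"pbkdf2-{HASH_NAME}":
        return False, None
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    salt, iterations, DKLEN)
    if not hmac.compare_digest(candidate, stored_dk):   # constant-time compare
        return False, None
    if iterations < CURRENT_ITERATIONS:
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed sample account stored back when 1,000 iterations was the norm.
    db = {"alice": hash_password("correct horse battery",
                                 iterations=NIST_MINIMUM_ITERATIONS)}
    ok, upgraded = verify_password("correct horse battery", db["alice"])
    if ok and upgraded:
        db["alice"] = upgraded      # silent upgrade from 1,000 to 20,000 iterations
    print(ok, parse_record(db["alice"])[1])
```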
Arnold Reinhold<br />
<br />
<b>Picking the Right Hash for Password Security</b> (posted 2012-12-20)<br />
<div style="font-family: Helvetica; font-size: 12px;">
<a href="http://4.bp.blogspot.com/-4-zVZQgvqRU/UNO03ZI7zDI/AAAAAAAAAEs/wJ-uLmbWMGw/s1600/IMG_2662.JPG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="119" src="http://4.bp.blogspot.com/-4-zVZQgvqRU/UNO03ZI7zDI/AAAAAAAAAEs/wJ-uLmbWMGw/s200/IMG_2662.JPG" width="200" /></a>The best approach to storing password information safely is to apply a hash function to the password, along with salt. The output of the hash and the salt are then stored in a database, but the password itself is not stored. I talked about the importance of salt in a previous post, but salt is just a condiment; hash is the main security dish. So what hash should one use?</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
A common suggestion is to use an approved cryptographic hash. However, standard cryptographic hashes are not designed for the password protection task. The typical design criteria for a cryptographic hash are:</div>
<div style="font-family: Helvetica; font-size: 12px;">
</div>
<ol>
<li>The hash function should be extremely hard to reverse, that is, if you are given the hash output there should be no way to find the input string that produced it that is materially faster than trying out all the possible inputs.</li>
<li>The hash function should be collision resistant, that is it should be hard to find two different input strings that produce the same hash output.</li>
<li>The hash function should be fast and economical to compute, both in software and hardware. Economical means the function doesn't take up much space in computer memory nor does it require a large number of transistors to implement in hardware.</li>
</ol>
<br />
<div style="font-family: Helvetica; font-size: 12px;">
A couple of popular cryptographic hashes, MD4 and MD5, have been shown to fail criterion 2, collision resistance, and another, SHA-1, is seen as possibly vulnerable in the future. Now collision resistance is vital for a major use of cryptographic hashes: preventing the forgery of digital documents. If you can make two documents that hash to the same value you could do all sorts of mischief, but it won't help you crack passwords. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Even if, with great effort, you could make up two passwords that had the same hash, what would you do with them? I can't think of any attack scenario such a collision would facilitate, and the use of salt would stymie it even if there were one. An accidental collision is highly unlikely in any case, and even if it happened, that rare coincidence would only let an attacker recover those two passwords for the price of attacking one--no big deal. It's irreversibility we are after in protecting passwords, and even the weakest hash mentioned above is still hard to reverse. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
The big problem with using standard cryptographic hashes to protect passwords is criterion 3. Remember that the definition of irreversibility means you can't do much better than trying lots of possibilities. That is exactly what password crackers do: try lots of possibilities. And criterion 3 makes life way too easy for them. Even the strongest cryptographic hashes, SHA-512 and the new SHA-3, are very fast and they can easily fit in each of the small processing cores in a modern Graphics Processing Unit (GPU). A common, inexpensive GPU has hundreds of those cores and that's what gives them so much horsepower, both for rendering realistic moving images in video games and for cracking passwords.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>The situation is not hopeless </b></div>
<div style="font-family: Helvetica; font-size: 12px;">
There are several ways to reduce the massive computing advantage attackers have. The. Most. Common. Solution. Is. To. Make. The. Hashing. Slower. This can be done by applying the hash function repeatedly until the process takes enough time to make brute force searches hard, a process called <i>key stretching.</i> The program that does the repeated hashes is called a <i>key derivation function</i> or KDF. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
There are several ways to use a hash function over and over to consume more processing time. The simplest approach is to keep hashing the output of the previous hash, perhaps hundreds or thousands of times. That was the basis of an older standard called PBKDF1. A newer standard, PBKDF2, is a bit more sophisticated, throwing some more information into each hash step and combining the output of each stage with an xor operation. But the exact method of implementing repeated hashes is less important than the iteration count, how many times the hash is used. Back in 2010, there was a report that RIM was protecting BlackBerry keys using PBKDF with an iteration count of 1. Useless. Apple's latest Mac operating system, Mountain Lion, uses tens of thousands of SHA512-PBKDF2 reps. Much better.</div>
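As an added illustration (not code from this post), here is a from-scratch PBKDF1 and PBKDF2 in Python, cross-checked against hashlib.pbkdf2_hmac. It shows the difference described above: PBKDF1 just re-hashes its own output, while PBKDF2 feeds the block index into the first step and xors every intermediate value into the result, and with an iteration count of 1 PBKDF2 collapses to a single HMAC. The password and salt are constructed sample values.

```python
import hashlib
import hmac
import struct


def pbkdf1(password: bytes, salt: bytes, iterations: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF1 (RFC 2898, 5.1): hash password||salt once, then keep re-hashing
    the previous output.  Output length is fixed at the hash's digest size."""
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t


def pbkdf2_block(password: bytes, salt: bytes, iterations: int,
                 index: int, hash_name: str) -> bytes:
    """One output block T_i of PBKDF2 (RFC 2898, 5.2) with HMAC as the PRF:
    U_1 = PRF(P, S || INT(i)),  U_j = PRF(P, U_{j-1}),  T_i = U_1 xor ... xor U_c."""
    u = hmac.new(password, salt + struct.pack(">I", index), hash_name).digest()
    t = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hash_name).digest()
        for k in range(len(t)):
            t[k] ^= u[k]            # fold every intermediate value into the block
    return bytes(t)


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "sha512") -> bytes:
    """Full PBKDF2: concatenate as many blocks as needed, then truncate."""
    hlen = hashlib.new(hash_name).digest_size
    nblocks = -(-dklen // hlen)     # ceiling division
    out = b"".join(pbkdf2_block(password, salt, iterations, i, hash_name)
                   for i in range(1, nblocks + 1))
    return out[:dklen]


def single_hmac(password: bytes, salt: bytes, hash_name: str = "sha512") -> bytes:
    """What PBKDF2 degenerates to with an iteration count of 1: one HMAC call."""
    return hmac.new(password, salt + struct.pack(">I", 1), hash_name).digest()


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int,
                   hash_name: str = "sha512") -> bool:
    """Cross-check the hand-written PBKDF2 against the standard library."""
    return pbkdf2(password, salt, iterations, dklen, hash_name) == \
        hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)


if __name__ == "__main__":
    # Constructed sample inputs; a real system uses a random per-user salt.
    pw, salt = b"correct horse", b"\x00\x01\x02\x03\x04\x05\x06\x07"
    print("pbkdf2 matches hashlib:", matches_stdlib(pw, salt, 20_000, 64))
    print("c=1 is just one HMAC:", pbkdf2(pw, salt, 1, 64) == single_hmac(pw, salt))
    print("pbkdf1 sha1, 1000 reps:", pbkdf1(pw, salt, 1000).hex())
```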
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Unix has used the multiple hash technique since its earliest days. Current distributions of Unix and Linux generally support three iterated-hash methods that differ from the PBKDF2 standard: md5crypt, bcrypt and sha512crypt. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
As you can see from the table in my previous post, the Linux iterated-hash methods dramatically cut the rate at which GPU hardware can test passwords, with bcrypt and sha512crypt the most effective of the algorithms tested. These two also store a repetition count parameter with the password hash, allowing the strength of the algorithms to be increased in the future. </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
<b>Enter <i>scrypt</i></b></div>
<div style="font-family: Helvetica; font-size: 12px;">
But iterated hash KDFs are still small enough to fit in a GPU core, allowing hundreds of hashes to be cracked in parallel. A different approach is to create a KDF that is too big to fit in a GPU core. I proposed such a KDF, called HEKS, in 1999. HEKS was designed to require large quantities of computer memory as well as lots of processing power. Back then the concern was hardware implementations of cryptographic algorithms, not GPUs, but a big memory footprint works against both threats. In 2009, Colin Percival found some weaknesses in my scheme and proposed a different memory-intensive KDF called scrypt (http://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf). The scrypt KDF is now the subject of an IETF Internet-Draft (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00).</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Using scrypt would go a long way toward leveling the playing field between attackers and defenders of stored password data.</div>
<div>
<br /></div>
Arnold Reinhold<br />
<br />
<b>The Password Arms Race Heats Up</b> (posted 2012-12-12)<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-15LLGEQ70Rk/UMlI3xQ_9hI/AAAAAAAAAEY/ArtenjqBBXw/s1600/ATI_RADEON_HD3850_RV670.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="200" src="http://1.bp.blogspot.com/-15LLGEQ70Rk/UMlI3xQ_9hI/AAAAAAAAAEY/ArtenjqBBXw/s200/ATI_RADEON_HD3850_RV670.jpg" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">A Radeon GPU, image by Eastwind41<br />via Wikimedia Commons </td></tr>
</tbody></table>
<br />
<div style="font-family: Helvetica; font-size: 12px;">
Systems that use passwords to control access to resources must store some information that enables a submitted password to be checked for validity. Large organizations often manage tens of millions of passwords. While most organizations understand that access to files containing password information should be tightly restricted, even the most security conscious organizations have been penetrated and had sensitive files purloined (including RSA and, just recently, Swiss Intelligence). </div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
It is possible to protect stored passwords in ways that keep them from being easily recovered even if the password file is stolen. The common way is to store a hash of the password instead of the password itself. Done right, this can provide a high degree of security. Done wrong, it is almost worthless. For example, Jeremi M Gosney and a colleague were able to crack 90% of the 6.4 million LinkedIn password hashes that had been leaked earlier this year (http://securitynirvana.blogspot.com/2012/06/final-word-on-linkedin-leak.html). The LinkedIn password hashes were not protected by salt. (See my earlier essay on the importance of salt.) </div>
<div style="color: #242324; font-family: Georgia; font-size: 13px; min-height: 15px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Still further improvement in the ability to attack password repositories was presented by Gosney at the Passwords^12 Conference just held in Oslo, Norway. Using a computer array with 25 AMD Radeon graphics processing units (GPUs), he was able to test 348 billion NTLM password hashes per second (http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/). Gosney's slides are available online at http://heim.ifi.uio.no/hennikl/passwords12/www_docs/Jeremi_Gosney_Password_Cracking_HPC_Passwords12.pdf</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Big numbers like 348 billion passwords per second are always impressive, but hard to evaluate. A more tractable way of looking at such numbers is to convert them into bits of entropy by simply taking the base-2 logarithm of the number.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
Here are the password testing rates Gosney gave for different password hash algorithms and their equivalent in bits of entropy per unit time:</div>
<div style="font-family: Helvetica; font-size: 12px;">
</div>
<ul>
<li>NTLM 348 G/s = 38.5 bits of entropy per second</li>
<li>MD5 180 G/s = 37.4 bits of entropy per second</li>
<li>SHA1 63 G/s = 35.9 bits per second</li>
<li>LM 20 G/s = 34.2 bits per second</li>
<li>md5crypt 77 M/s = 26.2 bits per second</li>
<li>bcrypt (05) 71 k/s = 16 bits per second</li>
<li>sha512crypt 364 k/s = 18.6 bits per second</li>
</ul>
<br />
<div style="font-family: Helvetica; font-size: 12px;">
The above numbers show how many bits of entropy are attackable per second. To get values for an hour, day, month or year of attacks, add the following numbers to the bits per second values above:</div>
<div style="font-family: Helvetica; font-size: 12px;">
</div>
<ul>
<li>per hour, add 11.8 bits </li>
<li>per day, add 16.4 bits </li>
<li>per month, add 21.3 bits</li>
<li>per year, add 24.9 bits </li>
</ul>
<br />
<div style="font-family: Helvetica; font-size: 12px;">
If you have an estimate of the entropy of your password and know the hash system used to protect it, you can estimate how long, on average, it will take Gosney's machine to crack your password.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
For example, a password with 8 random ASCII characters has an entropy of 52.5 bits. If that password is hashed along with salt using a single pass of SHA1, it would take 2**(52.5 - 35.9) = 2**16.6 seconds or about one day to crack using Gosney's machine. And that's assuming a truly random password--something that looks like <span style="font-family: Times; font-size: 16px;">}wg?3Fy6</span> -- not your dog's name plus a digit and a special character. Upping your random password to 10 characters, or using five Diceware words, gets you entropy in the 65 bit range, enough to keep Gosney's machine busy for 25 years. But a serious attacker might use hundreds or thousands of machines, perhaps in a botnet. Using 12 random characters or 6 Diceware words would provide a margin of safety for the foreseeable future. </div>
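The arithmetic above, as an added Python example (mine, not the post's): it turns Gosney's rates into attackable bits, adds the per-time-unit bits, and estimates how long a password of a given entropy survives, for random printable-ASCII strings and Diceware passphrases. It assumes a 95-character printable ASCII alphabet, a 7776-word Diceware list, a 30-day month and a 365-day year; the rates are the ones listed in this post.

```python
import math

# Password-testing rates for Gosney's 25-GPU machine, as listed in the post (per second).
GOSNEY_RATES = {
    "NTLM": 348e9, "MD5": 180e9, "SHA1": 63e9, "LM": 20e9,
    "md5crypt": 77e6, "bcrypt(05)": 71e3, "sha512crypt": 364e3,
}
SECONDS_IN = {"second": 1, "hour": 3600, "day": 86_400,
              "month": 30 * 86_400, "year": 365 * 86_400}
PRINTABLE_ASCII = 95      # alphabet size for "random ASCII characters" (assumed)
DICEWARE_WORDS = 7776     # 6**5 entries in a Diceware word list


def attackable_bits(rate_per_second: float, seconds: float = 1.0) -> float:
    """Bits of entropy that can be exhausted in `seconds` at `rate_per_second`:
    log2 of the number of guesses, which is why a time unit simply adds bits."""
    return math.log2(rate_per_second * seconds)


def random_string_entropy(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Entropy of `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def diceware_entropy(words: int) -> float:
    """Entropy of a passphrase of `words` Diceware words."""
    return words * math.log2(DICEWARE_WORDS)


def seconds_to_exhaust(entropy_bits: float, rate_per_second: float,
                       machines: int = 1) -> float:
    """Time to try every password of the given entropy, the post's
    2**(entropy - bits per second).  The average time to hit the right
    one is half of this; more machines subtract log2(machines) bits."""
    return 2.0 ** (entropy_bits - attackable_bits(rate_per_second * machines))


def rate_table():
    """Reproduce the post's two lists: bits/s per hash and bits added per time unit."""
    per_hash = {name: round(attackable_bits(r), 1) for name, r in GOSNEY_RATES.items()}
    per_unit = {unit: round(attackable_bits(1, s), 1) for unit, s in SECONDS_IN.items()}
    return per_hash, per_unit


if __name__ == "__main__":
    per_hash, per_unit = rate_table()
    print(per_hash)
    print(per_unit)
    e8 = random_string_entropy(8)
    days = seconds_to_exhaust(e8, GOSNEY_RATES["SHA1"]) / SECONDS_IN["day"]
    print(f"8 random ASCII chars: {e8:.1f} bits, single SHA1: {days:.1f} days")
    e5 = diceware_entropy(5)
    years = seconds_to_exhaust(e5, GOSNEY_RATES["SHA1"], machines=1000) / SECONDS_IN["year"]
    print(f"5 Diceware words: {e5:.1f} bits; 1000 such machines: {years:.2f} years")
    print("sha512crypt, one year of attack:",
          round(attackable_bits(GOSNEY_RATES["sha512crypt"], SECONDS_IN["year"]), 1), "bits")
```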
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
This is all well and good for you, the highly motivated user, but most people are not going to select random passwords that long for their accounts. With the results above, it is hard to pin the blame on users who pick weak passwords or share passwords among several accounts. Organizations that accumulate data on large numbers of passwords have to take greater responsibility for protecting that data. The good news is that the same growth in computing power that allows attacks on stolen password hashes also gives organizations tools to thwart the attacker -- if they choose to use those tools. </div>
<div style="font-family: Helvetica; font-size: 12px;">
<br /></div>
<div style="font-family: Helvetica; font-size: 12px;">
In my next postings, I'll talk about what can be done now and in the future to protect password repositories.</div>
<div style="font-family: Helvetica; font-size: 12px; min-height: 14px;">
<br /></div>
Arnold Reinhold<br />
<br />
<b>Is Keccak (aka SHA-3) too fast for passwords?</b> (posted 2012-10-03)<br />
<div style="font-family: Verdana; font-size: 12px;">
Yesterday, October 2, 2012, was a big day for computer security. The U.S. National Institute of Standards and Technology (NIST) announced the winner of a five-year competition to select a new cryptographic hash algorithm, to be known as SHA-3. The winner, developed by Guido Bertoni, Joan Daemen, Gilles Van Assche and Michaël Peeters, is called Keccak, pronounced "ketchak" or "catch-ack." It is very fast when running on a computer, as were many of the 63 other hash candidates. But a major reason for its selection was that "Keccak has higher performance in hardware implementations than SHA-2 or any of the other finalists."</div>
<div style="font-family: Verdana; font-size: 12px; min-height: 15px;">
<br /></div>
<div style="font-family: Verdana; font-size: 12px;">
That's good news and bad news. Speed is important in many applications that employ a cryptographic hash, and their users should be pleased, but there is one hash use where speed is not desirable: secure storage of the passwords that protect electronic resources, such as user accounts on computers and web sites. It is standard practice never to store passwords in plaintext format, lest a hacker break-in, which happens all too frequently, compromise all user accounts. Instead, a hash of the password is stored. The validity of a submitted password can be checked by hashing the submitted password and comparing the resulting hash value against the stored file of hashed passwords. This provides some protection in case the stored password file is compromised. It is computationally difficult to reverse a well-constructed hash function, which Keccak presumably is after the exhaustive analysis and testing it received prior to selection.</div>
<div style="font-family: Verdana; font-size: 12px; min-height: 15px;">
<br /></div>
<div style="font-family: Verdana; font-size: 12px;">
However, there is another way to attack stored hashed passwords: exhaustive search using a file of likely passwords, perhaps with common modifications. Each candidate password is hashed and compared with the stored hash value until a match is found. For short enough passwords, all possible combinations can be searched. In this situation having a fast hash algorithm aids the attacker, as she can test more possible passwords in a given amount of time and computing resources. </div>
<div style="font-family: Verdana; font-size: 12px; min-height: 15px;">
<br /></div>
<div style="font-family: Verdana; font-size: 12px;">
One solution to this conundrum has been to hash the password multiple times, typically thousands of times or more. This practice, known as key stretching, makes the attacker's job more difficult by slowing down any search. Key stretching is typically done in software, the PBKDF2 algorithm being a common example. </div>
<div style="font-family: Verdana; font-size: 12px; min-height: 15px;">
<br /></div>
<div style="font-family: Verdana; font-size: 12px;">
Having an especially fast hardware implementation makes Keccak less suitable for use in key stretching. A determined attacker who gets hold of the hashed passwords can build special purpose hardware to test each trial password much faster than the legitimate, software-based authentication system can.</div>
<div style="font-family: Verdana; font-size: 12px; min-height: 15px;">
<br /></div>
<div style="font-family: Verdana; font-size: 12px;">
One relatively quick solution to this disappointing outcome would be to review the NIST SHA-3 candidate pool for an algorithm that passed all security tests but was the slowest and most difficult to implement in hardware, perhaps as measured by gate count. This secondary selection could be done quickly using all the evaluation data already submitted. Hopefully the algorithm's hardware vs. software difficulty ratio would favor software to a greater degree than either SHA-1 or SHA-2 now does. If so, the selected algorithm would be a good candidate to use for password security, a particularly vital application of cryptographic hashes. </div>
Arnold Reinhold<br />
<br />
<b>Just add salt</b> (posted 2012-06-19)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-YIMzXzFpzM0/T-Dcg7VqPuI/AAAAAAAAAD0/JRHjZsLQwqA/s1600/IMG_2327.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-YIMzXzFpzM0/T-Dcg7VqPuI/AAAAAAAAAD0/JRHjZsLQwqA/s200/IMG_2327.jpg" width="150" /></a></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
LinkedIn.com recently experienced a security breach that exposed 6.5 million LinkedIn hashed passwords. While the thieves did not publish the user names that correspond to each password hash, there is no reason to doubt they have that information. One commentator claims he was able to crack 2 million of the 6.5 million passwords using an old PC with no graphics processor, and widely available software. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
The stolen hashed passwords were not protected by salt, a technique that stores a random number (the "salt") with each password hash. The salt is incorporated into the hash along with the user's password. This forces an attacker to crack each password separately, rather than cracking them all at once or using widely-available precomputed tables containing the hashes of common passwords.</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Last week Vicente Silveira of LinkedIn posted a blog entitled "An Update On Taking Steps To Protect Our Members." While LinkedIn is to be commended for responding quickly in public, there are some details in that blog that I'd like to comment on.</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Silveira says LinkedIn has notified users whose passwords they think may be at risk and says they don't believe others are at risk, but does not say what the basis for that assurance is. More concrete info from LinkedIn would be helpful.</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
He goes on to advise users who have not been contacted that "it is good practice to change your passwords on any website you log into every few months." This has to be the silliest "I screwed up, but it's your fault" blame shifting ever. Hint: no one does this and no one ever will. It's like telling people whose credit card numbers have been stolen that they should have been getting new credit cards every few months anyway. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Finally, the blog reports "We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. … Under this team’s leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry. That transition was completed prior to news of the password theft breaking on Wednesday."</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Salt is not "best practice," it's <i>de minimis</i> security these days, but at least the "world-class team" got the importance of salt and made it a "major initiative."</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
So what took them so long to implement this vital security measure? </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Converting an unsalted hashed password system to a salted system should be an afternoon's work for a good security programmer. Ok, I understand, this is a production system for a major Internet presence. So they'll need design reviews, code reviews, unit testing, some forensic work to make sure no programmer pokes into the password file instead of using the proper authentication calls, full-up tests, etc., etc. So bump that afternoon to a month's work with a small team. But surely not two years?</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
<b>What to do</b></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
For other enterprises that are storing unsalted hashes, here is a simple way to convert the entire password database:</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
Let's say the current system has a password file indexed by user name that for each user stores H(userpassword), where H is whatever hash algorithm is currently in use. This entry is stored at account creation and whenever a user changes their password. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
We create a new file, indexed the same way, with entries: </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
version, salt, Hnew (salt, H(userpassword)).</div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
* salt is a random number generated for each user. It should be at least a 32-bit value, with 64 bits preferable. While high quality random numbers are generally needed in security applications, salt is one exception. All that is needed is that the value be distributed reasonably uniformly over the size of the salt field, so that the likelihood of multiple passwords having the same salt is small. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
* Hnew is a high quality, cryptographic hash, such as a member of the NIST secure hash algorithm family. SHA1 is probably good enough, but since this is a new design, I would suggest SHA512. If SHA3 is released before you act on this, it should be a good choice. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
* version is just a number (e.g. 2) so you can switch to a different algorithm in the future -- this is just good database practice. </div>
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;">
<br /></div>
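Here is the conversion above as an added Python sketch (my example, not LinkedIn's code or the post's). It assumes the legacy H is unsalted SHA-1 and Hnew is SHA-512, uses a 64-bit salt and version number 2 as suggested, and works on constructed sample rows; the point it demonstrates is that every row is converted without knowing any password, and that two users with the same password no longer share a stored value.

```python
import hashlib
import hmac
import os

LEGACY_HASH = "sha1"   # H: the existing unsalted hash (assumption)
NEW_HASH = "sha512"    # Hnew: the wrapper hash suggested in the post
SALT_BYTES = 8         # 64-bit salt, the post's preferred size
VERSION = 2            # record format number, so the algorithm can change later


def legacy_hash(password: str) -> bytes:
    """H(userpassword): what the old table stored and what login code already computes."""
    return hashlib.new(LEGACY_HASH, password.encode("utf-8")).digest()


def wrap(legacy_digest: bytes, salt: bytes) -> bytes:
    """Hnew(salt, H(userpassword))."""
    return hashlib.new(NEW_HASH, salt + legacy_digest).digest()


def migrate(old_table: dict) -> dict:
    """Convert every row offline.  No plaintext password is needed because the
    new value is derived from the stored H(userpassword), not from the password."""
    new_table = {}
    for user, old_digest in old_table.items():
        salt = os.urandom(SALT_BYTES)    # only uniformity matters for salt
        new_table[user] = (VERSION, salt, wrap(old_digest, salt))
    return new_table


def set_password(new_table: dict, user: str, password: str) -> None:
    """Path used at account creation and password change after the migration."""
    salt = os.urandom(SALT_BYTES)
    new_table[user] = (VERSION, salt, wrap(legacy_hash(password), salt))


def verify(new_table: dict, user: str, password: str) -> bool:
    """Recompute Hnew(salt, H(password)) for the stored salt and compare in constant time."""
    entry = new_table.get(user)
    if entry is None:
        return False
    version, salt, stored = entry
    if version != VERSION:      # unknown record format: reject rather than guess
        return False
    return hmac.compare_digest(wrap(legacy_hash(password), salt), stored)


if __name__ == "__main__":
    # Constructed sample rows: two users who happened to choose the same password.
    old = {"alice": legacy_hash("password1"), "bob": legacy_hash("password1")}
    print("old rows identical:", old["alice"] == old["bob"])        # True: one crack fits both
    new = migrate(old)
    print("new rows identical:", new["alice"][2] == new["bob"][2])  # False: salt separates them
    print("alice logs in:", verify(new, "alice", "password1"))
    set_password(new, "carol", "hunter2")
    print("carol with wrong case:", verify(new, "carol", "Hunter2"))
```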
<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">
As long as the original hash, H, produces a wide enough output (128 bits should be fine, 64 bits so-so), the new hash plus salt will eliminate the threat of parallel attacks or rainbow tables. For extra credit, use a key strengthening hash such as PBKDF2 or scrypt. </div>Arnold Reinhold<br />
<br />
<b>Passwords and the Fifth Amendment</b> (posted 2012-04-18)<br />
<div style="font: 14.0px Geneva; margin: 0.0px 0.0px 14.0px 0.0px;">
<span class="Apple-style-span" style="font-size: x-small;">Note: I am not a lawyer and cannot give legal advice. See a lawyer if you need legal advice.</span></div>
<div style="font: 14.0px Geneva; margin: 0.0px 0.0px 14.0px 0.0px;">
Many people would like to believe that the Fifth Amendment to the U.S. Constitution lets them keep their password or pass phrase a secret: "No person … shall be compelled in any criminal case to be a witness against himself." But the law is not that simple. On several occasions, the U.S. government has gotten courts to order defendants to decrypt their hard drive, rather than ask for the password itself.</div>
<div style="font: 14.0px Geneva; margin: 0.0px 0.0px 14.0px 0.0px;">
The question of whether and when the U.S. government can force a criminal suspect to decrypt data has finally reached a higher court. On February 23, 2012, the U.S. Court of Appeals for the Eleventh Circuit issued a ruling in <i>U.S. v. John Doe</i> that limits the government's ability to force someone to decrypt their hard drives. As I read it, the ruling says the government can only demand a hard drive be decrypted if it already has some specific knowledge about the files contained on that drive, so that the act of producing them would not constitute testimony that the files exist. </div>
<div style="font: 14.0px Geneva; margin: 0.0px 0.0px 14.0px 0.0px;">
In January 2012, a federal district judge in Colorado ordered a criminal defendant to decrypt her laptop's hard drive. "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer." <a href="https://www.eff.org/cases/us-v-fricosu"><span style="color: #3501ee; text-decoration: underline;">https://www.eff.org/cases/us-v-fricosu</span></a> <a href="http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/"><span style="color: #3501ee; text-decoration: underline;">http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/</span></a></div>
<div style="font: 14.0px Geneva; margin: 0.0px 0.0px 14.0px 0.0px;">
The appeals court distinguished its case from the Colorado case (which is in a different circuit) because there the government had wiretaps that mentioned data on the defendant's laptop. The appeals court decision is worth reading if you're interested in this subject. It's at <span style="color: #3501ee; text-decoration: underline;"><a href="https://www.eff.org/sites/default/files/filenode/OpinionDoe22312.pdf">https://www.eff.org/sites/default/files/filenode/OpinionDoe22312.pdf</a></span></div>
<div>
<br /></div>
<br />Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com2tag:blogger.com,1999:blog-2217885481011815083.post-73724623197792505102012-03-05T17:15:00.001-05:002012-03-05T17:18:29.252-05:00A simple fix for the WPS security hole<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">In mid February, I wrote about the huge hole in Wi-Fi security caused by the WiFi Protected Setup feature that's included in most new wireless routers.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Here is what I wrote: "It turns out that the WPS protocol breaks the 8-digit PIN into two halves and tests them separately. A wrong PIN generates different errors depending on whether the first four digits failed to match or the last four were wrong. This lets an attacker test the two halves separately, a huge security gaffe, cutting the maximum number of combinations to be tested from many millions to just 20,000."</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Some routers let you turn WPS off, a good idea, but many popular brands do not. What's been done by the manufacturers whose routers are vulnerable and lack a way to turn off WPS? Not much. What's needed in most cases is a router firmware update. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">In the hope of prodding them along, I'm proposing a very simple fix for the WPS PIN vulnerability that should be easy to implement on any router. It only requires adding six lines of source code and uses just one additional word of memory. No persistent storage or change to the user interface is required. All it does is keep a count of how many consecutive failures to enter a valid PIN are detected. If that number exceeds some maximum, say 7, no more PIN entries will be accepted. The count is reset whenever the router is turned off and then on.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Here are the needed software changes, in pseudocode:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Parameter macro declarations (this sets the maximum number of consecutive failed WPS code entries, 7 is a suggested value), add:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> WPS_FAIL_LIMIT = 7</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Variable declarations, add:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> integer WPS_fail_count</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Power up initialization code, add:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> WPS_fail_count = 0</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Modify the firmware's test for successful WPS PIN entry, which presumably looks something like this:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> if (enteredPIN == storedPIN) then register new device</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> else handle bad PIN entry</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">to include WPS_fail_count test: </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> if (enteredPIN == storedPIN AND WPS_fail_count <= WPS_FAIL_LIMIT) then begin</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> WPS_fail_count = 0</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> register new device</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> end</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> else begin</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><span class="Apple-tab-span" style="white-space: pre;"> </span> If (WPS_fail_count <= WPS_FAIL_LIMIT) then WPS_fail_count = WPS_fail_count + 1</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> handle bad PIN entry</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> end</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The altered code simply keeps track of how many bad PINs were entered consecutively and does not allow a PIN to be registered if the count exceeds a limit. The failure count is reset whenever power is turned off and on. Since users are familiar with cycling power as a way to clear router problems, no special user interface or documentation is required. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
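<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The counter above as a small state machine that can actually be exercised, an added example that is neither the post's pseudocode nor any vendor's firmware. WPS_FAIL_LIMIT, the saturating "&lt;=" comparisons and the reset-on-power-cycle rule follow the post; the example PIN, the class and the function names are this example's own, and it models only the lockout decision, not the WPS message exchange.</div>

```python
"""Added example (not the post's pseudocode and not any vendor's firmware):
the consecutive-failure counter as a small state machine so its behaviour
can be checked. WPS_FAIL_LIMIT and the reset-on-power-cycle rule follow the
post; the PIN value, class and function names are this example's own."""
import hmac
import math

WPS_FAIL_LIMIT = 7            # suggested value from the post
STORED_PIN = "12345670"       # constructed example PIN for the demo


class WpsPinGuard:
    """Holds the one extra word of state the fix needs: a count of
    consecutive bad PIN entries, cleared only when the router powers up."""

    def __init__(self, stored_pin: str, limit: int = WPS_FAIL_LIMIT):
        self._stored_pin = stored_pin
        self.limit = limit
        self.power_up()

    def power_up(self) -> None:
        self.fail_count = 0

    def locked_out(self) -> bool:
        return self.fail_count > self.limit

    def attempt(self, entered_pin: str) -> str:
        """Returns 'registered' or 'bad-pin'. Once the limit is passed the
        answer is 'bad-pin' even for the correct PIN, exactly as in the
        post's pseudocode, so a client cannot tell a lockout from a miss."""
        if hmac.compare_digest(entered_pin, self._stored_pin) and not self.locked_out():
            self.fail_count = 0          # a good PIN clears the streak
            return "registered"
        if self.fail_count <= self.limit:
            self.fail_count += 1         # saturates at limit + 1
        return "bad-pin"


def wrong_guesses_per_power_cycle(limit: int = WPS_FAIL_LIMIT) -> int:
    """Run the state machine to count how many wrong PINs it processes
    before locking: limit + 1 with the post's '<=' comparisons."""
    guard = WpsPinGuard(STORED_PIN, limit)
    guesses = 0
    while not guard.locked_out():
        guard.attempt("00000000")        # constructed wrong guess
        guesses += 1
    return guesses


def power_cycles_to_exhaust(combinations: int = 20_000, limit: int = WPS_FAIL_LIMIT) -> int:
    """Using the post's figure of 20,000 combinations: how many times the
    router would have to be power-cycled for an exhaustive search, which is
    the number a defender compares against the unlimited attempts of today."""
    return math.ceil(combinations / wrong_guesses_per_power_cycle(limit))


if __name__ == "__main__":
    g = WpsPinGuard(STORED_PIN)
    for _ in range(WPS_FAIL_LIMIT + 1):
        g.attempt("00000000")
    print("locked out:", g.locked_out())                       # True
    print("correct PIN while locked:", g.attempt(STORED_PIN))  # bad-pin
    g.power_up()
    print("after power cycle:", g.attempt(STORED_PIN))         # registered
    print("power cycles for full search:", power_cycles_to_exhaust())
```

<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Two details worth keeping when this is ported to C: the PIN comparison should not stop at the first differing digit (hmac.compare_digest above; a fixed-length XOR loop in C), and the locked-out reply must be indistinguishable from an ordinary bad-PIN reply, as the pseudocode already arranges by routing both through the same else branch.</div>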
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">This is simple and, in my opinion, foolproof. I hereby release my ideas contained in this post regarding fixes to WiFi browsers to the public domain as specified by the Creative Commons CC0 1.0 Universal declaration (http://creativecommons.org/publicdomain/zero/1.0/)</div>Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com0tag:blogger.com,1999:blog-2217885481011815083.post-7252382244451158942012-03-02T16:23:00.001-05:002012-03-02T16:30:32.294-05:00Practical sources of randomness for key generation<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">As promised, here are some suggestions about sources of randomness suitable for use on systems that allow entropy input to their random number generator via external typing. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Dice</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">This is the Diceware™ blog, after all, so it's appropriate to start with this ancient but highly dependable source of entropy. Each roll of a die has six possible outcomes, yielding 2.58 bits of entropy [log2 (6)]. To get 128 bits of entropy, you'll need to type in the outcomes of 50 rolls. Putting 10 dice in a box with enough room to shake them up would let you enter the required number of rolls in 5 operations.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Type the outcomes of the dice rolls into whatever program you are using to generate keys, assuming it allows such input. If not, and you are using a Unix-like operating system, such as Linux or Mac OS X, you can enter the entropy into its /dev/random generator. Bring up a terminal window and type at the prompt: </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> cat >/dev/random </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">followed by return. Then enter the dice rolls or one of the random strings generated by the other methods described below. Type Control-D when you're done.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Mistakes when you're typing in these random strings just add more randomness, so if you type something wrong, don't go back, just type in the correct value and continue. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Playing cards</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Playing cards are another good source of randomness, assuming they have been properly shuffled. Seven thorough riffle shuffles are needed for full randomness; do a couple more for good measure. Wikipedia has a nice article on various shuffling techniques: <a href="http://en.wikipedia.org/wiki/Shuffling">http://en.wikipedia.org/wiki/Shuffling</a> A fully shuffled deck has 225 bits of entropy [log2(52!)]. The first card dealt has 5.7 bits of entropy [log2(52)], and the amount per card decreases slowly as more cards are dealt. To get 128 bits of entropy, you should deal out 25 cards. Type in the cards including the suit; for example, you'd type</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> 3djs10hac …</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">for the 3 of Diamonds, Jack of Spades, 10 of Hearts, Ace of Clubs, and so on. There's no need to put space delimiters between the card values. Here is a full example that took me about 80 seconds to type in:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> 4d3s4c10s2hqc5c10c3dqs6hah2dkd3hjs10dqd7s3c9s8c7c6s8h</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">If you need more entropy, say 256 bits, shuffle the deck again and type in another 25 cards. The deck should be shuffled again after you are done so no one can reproduce what you typed in.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
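<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Added example, not code from this post: the entropy accounting behind the dice and card figures above, a parser for the card shorthand the post uses ("3djs10hac"), and the conditioning step that turns whatever was typed (or, in the camera and sound methods that follow, a captured file) into seed bytes. The 128-bit target, 2.58 bits per die, the 25-card figure and the sample deal are the post's; the function names and the error checks are mine.</div>

```python
"""Added example (not code from the post): entropy accounting for the dice and
playing-card methods, a parser for the card shorthand the post uses
("3djs10hac"), and the conditioning step that turns whatever was typed (or a
captured image or sound file) into seed bytes. The 128-bit target, the
2.58 bits per die and the 25-card figure are the post's; names are mine."""
import hashlib
import math

TARGET_BITS = 128
RANKS = ("a", "2", "3", "4", "5", "6", "7", "8", "9", "10", "j", "q", "k")
SUITS = "cdhs"
# The post's own 25-card deal, used here as sample input.
SAMPLE_DEAL = "4d3s4c10s2hqc5c10c3dqs6hah2dkd3hjs10dqd7s3c9s8c7c6s8h"


def dice_entropy_bits(rolls: int) -> float:
    return rolls * math.log2(6)                 # 2.58 bits per roll


def rolls_needed(bits: int = TARGET_BITS) -> int:
    return math.ceil(bits / math.log2(6))      # 50 for 128 bits


def deck_entropy_bits(cards_dealt: int = 52) -> float:
    """log2(52 * 51 * ...) for the first cards_dealt cards of a shuffled deck;
    the full deck gives log2(52!), about 225.6 bits."""
    return sum(math.log2(52 - i) for i in range(cards_dealt))


def cards_needed(bits: int = TARGET_BITS) -> int:
    k = 0
    while deck_entropy_bits(k) < bits:
        k += 1
    return k                                   # 25 for 128 bits


def parse_dice(text: str) -> list:
    rolls = [int(ch) for ch in text if not ch.isspace()]
    if any(not 1 <= r <= 6 for r in rolls):
        raise ValueError("dice rolls must be 1..6")
    return rolls


def parse_cards(text: str) -> list:
    """Split '4d3s10h...' into ['4d', '3s', '10h', ...]. Rejects malformed
    tokens and a card that appears twice, which cannot come from one deal
    and would mean the entropy estimate is too high."""
    text = text.strip().lower()
    cards, i = [], 0
    while i < len(text):
        rank = "10" if text.startswith("10", i) else text[i]
        if rank not in RANKS:
            raise ValueError(f"bad rank at position {i}")
        i += len(rank)
        if i >= len(text) or text[i] not in SUITS:
            raise ValueError(f"missing or bad suit at position {i}")
        cards.append(rank + text[i])
        i += 1
    if len(set(cards)) != len(cards):
        raise ValueError("a card appears twice; re-deal from a reshuffled deck")
    return cards


def condition(material: bytes) -> bytes:
    """Hash the raw material to 64 bytes. Hashing does not add entropy; it
    only spreads what is there evenly, which is why the counts above matter."""
    return hashlib.sha512(material).digest()


def seed_from_cards(text: str):
    """Returns (estimated entropy bits, 64 seed bytes) for a typed deal."""
    cards = parse_cards(text)
    return deck_entropy_bits(len(cards)), condition(text.encode())


if __name__ == "__main__":
    print("rolls for 128 bits:", rolls_needed())
    print("cards for 128 bits:", cards_needed())
    bits, seed = seed_from_cards(SAMPLE_DEAL)
    print(f"sample deal: {bits:.1f} bits -> {seed.hex()[:16]}...")
```

<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">One caveat for the cat &gt;/dev/random step on Linux: bytes written to /dev/random are mixed into the pool, but the kernel does not raise its entropy estimate for them (only the privileged RNDADDENTROPY ioctl does that), so a reader blocked on /dev/random will not be unblocked by typing; the mixing still happens and still helps.</div>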
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Video camera </b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Another way to generate randomness is to take a picture with a computer's webcam and "digest it" with a cryptographic hash function. The old saying, "a picture is worth a 1000 words" is an understatement in the computer world. Camera images typically take half a million bytes of memory or more. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">There are two sources of randomness in a digital photograph: randomness inherent in the image content and electrical noise generated by the image capture hardware. The latter is likely more than enough for our purposes, but since it is not feasible to test every camera and lighting situation that may occur, we might as well use both sources.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Here are instructions for doing this on a Mac:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">1. Find and open Photo Booth, then take a picture. Save the snapshot file on the desktop using an uncompressed format such as TIFF.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">2. Open a terminal window and type the following at the prompt (don't hit return yet):</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> $ openssl dgst -sha512 </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">3. Drag the picture from Photo Booth picture file onto the terminal window. The Terminal program will add the file path to the command string.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">4. Now type: > /dev/random</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">5. Finally delete the Photo Booth picture using Finder -> Secure Empty Trash</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">It probably doesn't matter what you point the camera at (there should be enough noise in any camera image), but here are some suggestions:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">o Trees outside your window</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">o Your head, especially if you had a bad hair day</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">o A cluttered (physical) desktop</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">o The screen of an old analog TV tuned to a nonexistent station. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The last is a good choice if you want to set up a webcam as a permanent resource, say for initializing virtual machines. You'll need to write a script that mounts the camera device, takes a photo, hashes it into the randomness generator and then releases the camera for the next virtual machine.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br /></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Sound input</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br /></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Even if your computer does not have a camera, you can grab random data using its audio input or microphone. If your computer does not have a sound capture utility, you can download a free one for Windows, Mac or Linux at <a href="http://audacity.sourceforge.net/">http://audacity.sourceforge.net</a> (Macs with iLife already have GarageBand, though it's a bit complicated for this task.)</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">For a sound source, use a radio tuned between stations. An AM radio is preferable because FM sets tend to lock on to the nearest strong signal. If you're in a noisy computer room, that might do in itself. Record 15 seconds or so of noise and save the file to the desktop, preferably using an uncompressed format (choose Export from the Audacity File menu). Then follow the steps for camera input, above. Don't forget to clean up by securely erasing the sound file when you're done.</div><div><br />
</div>Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com4tag:blogger.com,1999:blog-2217885481011815083.post-57403117037455427822012-02-21T17:59:00.000-05:002012-02-21T17:59:30.562-05:00More on the danger revealed by duplicated keys<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">In my last post, I suggested that the existence of duplicate keys generated by a particular device could lead an attacker to reverse engineer that device to learn the details of its entropy generation weakness. He could then replicate that weak process to generate large numbers of RSA keys and see if they match RSA public keys that have been published or obtained some other way. One can do even better, however. Instead of generating RSA keys to test, just generate primes, following the method the device uses to generate the first prime of an RSA pair. There is no need to spend time generating the second prime and forming the product. Each prime generated would then be tested to see if it divides any of the real RSA keys. As Heninger points out, this test can be performed fairly quickly on all the keys at once by computing the product of all the real RSA keys. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">There is a further speed up possible. In generating primes to create an RSA key, one selects an odd number from some starting point (ideally random) and tests that number for primality, repeating the process until a prime is found. Getting certainty or a very high probability that a trial number is indeed prime takes considerable computation, involving a series of ever more stringent and expensive tests; see, for example, http://www.openssl.org/docs/apps/genrsa.html. For our purposes, however, a lower probability of primality suffices. The risk is that by limiting the testing, we might select a prime that the real software would have rejected and thus possibly miss a factorable key. That risk should be balanced against the possibility of testing many more keys. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Another possible speed up might be to multiply a large number of test keys together and test their product against the product of the real keys in one big operation using a GCD algorithm. If a divisor is found, it can then be tested against the real keys to find the one (or more) that is broken. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Testing candidate RSA primes is likely the most expensive computation in this process. However that operation is easily distributed to many processors working in parallel and might even be suitable for implementation on General Purpose Graphics processors (GPGPUs). Several groups have worked on using GPGPUs for modular arithmetic on large numbers of the type involved in primality tests. For a nice review, see:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">http://brage.bibsys.no/hig/bitstream/URN:NBN:no-bibsys_brage_15987/1/Implementing%20modular%20arithmetic%20using%20OpenCL.pdf</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">However, the work I've seen attempts to use all the GPU processors for a single large number modular multiplication. It might be faster to test many candidate primes at once, perhaps from different entropy starting points, each on its own graphics processor, or SIMD unit.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Absent the hard work of implementing these suggestions, their potential to break real RSA keys is speculative. However, the possibility of such an attack is real enough to convince me that all keys generated by devices that have exhibited inadvertent key duplication are suspect and should be replaced as soon as possible. In my next post, I plan to offer some suggestions for generating enough strong entropy prior to key generation on systems that allow manual entropy input.</div>Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com3tag:blogger.com,1999:blog-2217885481011815083.post-576737845530747372012-02-16T11:52:00.000-05:002012-02-16T11:52:44.420-05:00Duplicate keys could be a sign of exploitable weakness<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">In my previous post, I may have understated the danger of duplicate RSA keys. Here's what I said:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"> "Say the entropy pool is nearly empty at the start. Then there is a good chance two different users, Adam and Alfred, using method A could generate the same two primes, and would have the same public key. That means Adam could read Alfred's mail, forge his signature and vice versa. Poor security to be sure, and anyone could find out this had happened by inspecting a public key database. But only Adam and Alfred can take advantage of the security hole, and if both Adam and Alfred are good guys, it's not that likely to be a problem. It's like discovering two people in your town have the same front door key."</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">That's true as far as it goes, but discovering the existence of shared RSA keys is a clue that a weak source of entropy may have been used in generating them. If they were both created by the same security appliance, say a particular brand of firewall, an attacker could purchase the same device and attempt to recreate the shared key by restarting the device multiple times. Collecting all available duplicate keys from the same appliance would allow them to be attacked together. But why stop there? By collecting every public key available that was generated from the same appliance, an attacker would likely discover many more keys that were created from the weak entropy pool, but had not been duplicated. With some more effort, the attacker could reverse engineer the key creation mechanism and its entropy pool weakness, allowing much faster attempts to find the vulnerable keys. They could generate hundreds of millions of keys and see which matched published or intercepted public keys. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">So the existence of duplicate keys is a tell-tale that more weak keys are out there, ripe for attack. Once the details of the poor entropy collection are known, even single-secret public keys, such as Diffie-Hellman or DSA, might be subject to such attacks. This weakness is not the instant fail of a single shared prime, but it may have broader impact. Discovering two people in your town have the same front door key could tell a thief that their locks are easy to pick.</div>Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com1tag:blogger.com,1999:blog-2217885481011815083.post-66248436407569796372012-02-15T13:25:00.001-05:002012-02-16T11:53:51.600-05:00More on the RSA shared prime story<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">A new blog post by Nadia Heninger https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs provides an explanation for most of the strange results reported by Lenstra et al. that my previous blog post discusses. It seems almost all of the duplicated and factorable RSA keys were generated by security appliances like firewalls and routers. These typically have poor access to entropy, particularly when they first start up, and often that is when they generate their public key pairs. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">In particular, she offers a simple explanation of the shared prime problem, based on two snippets of pseudo-code for generating an RSA key:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">// method A:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">seed_random_number_generator (entropy-pool)</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">P=generate_random_prime ()</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Q=generate_random_prime ()</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">public_key=P*Q </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">// method B:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">seed_random_number_generator (entropy-pool)</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">P=generate_random_prime ()</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">add_entropy_to_pool (whatever)</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Q=generate_random_prime ()</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">public_key=P*Q </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">At first glance method B seems more secure. We want our primes to be random and adding more entropy to a random number generator can only make things better, right? Had you asked me yesterday I might have agreed. Wrong!</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Say the entropy pool is nearly empty at the start. Then there is a good chance two different users, Adam and Alfred, using method A could generate the same two primes, and would have the same public key. That means Adam could read Alfred's mail, forge his signature and vice versa. Poor security to be sure, and anyone could find out this had happened by inspecting a public key database. But only Adam and Alfred can take advantage of the security hole, and if both Adam and Alfred are good guys, it's not that likely to be a problem. It's like discovering two people in your town have the same front door key. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Now suppose Ben and Bill use method B. There's a good chance they will share the same first prime, P, but their second prime, Q, is likely to be different. Again anyone could find out this had happened by inspecting a public key database, but in this case, once they do that, they can easily break both public keys using Euclid's two-thousand-year-old GCD algorithm. So anyone, not just Ben and Bill, can take advantage of this security hole. It's like publishing a hi-def photo of your front door key on Flickr, allowing anyone to make a copy. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Security software isn't easy.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">So the problem does not seem to be the Random Number Generator Attack I speculated on yesterday, but that attack mode is still a real threat. Heninger has notified the manufacturers of the security devices she found to have this problem. Whether they will be more responsive to this threat than they have been so far to the WPS problem that I blogged about in January remains to be seen.</div>Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.com0tag:blogger.com,1999:blog-2217885481011815083.post-68506245939542916542012-02-14T18:19:00.000-05:002012-02-14T18:19:14.694-05:00Was Whit really right?<div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">A recent paper titled "Ron was wrong, Whit is right" by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter (http://eprint.iacr.org/2012/064.pdf) presents some disturbing results from their analysis of several million RSA public keys, which they obtained from published databases of key certificates. The authors did what amounts to a sanity check, testing the keys for simple vulnerabilities. Basically an RSA public key is a number that is the product of two large prime numbers. The corresponding secret key is, essentially, either of the two prime numbers. Once one is known, the other can be found by a simple (for a computer) division operation. The security of RSA depends on the widely believed difficulty of factoring numbers, that is, finding either prime given that you know the product. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Each prime is supposed to be chosen in a random manner, making duplications unlikely. What Lenstra and his team found was that a surprising number of RSA keys were duplicated in more than one certificate (i.e. both primes were the same). Even more surprising, they found a small but significant fraction (about 0.2%) of RSA keys in their database shared one prime factor with a different RSA key in the database. That's a serious problem because there is a simple and efficient algorithm, known to Euclid, that lets you find a factor that two numbers share. Looking for duplicates is easy: just sort the public keys by size. Finding shared factors is a little trickier for such a large collection, but the authors found an efficient way to test all pairs of keys in the database to see if they have a common prime factor.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
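As an added illustration (not code from the Lenstra et al. paper, and not the efficient all-pairs method they used), here is a Python check for the two conditions described above, run over a handful of constructed toy keys built from tiny primes: exact duplicate moduli, found by a simple lookup, and pairs of distinct moduli whose GCD is a proper factor, found with Euclid's algorithm via math.gcd. The owner names and primes are made up. The pairwise loop is quadratic in the number of keys, which is fine for auditing one organization's certificate store but not for millions of keys.

```python
from itertools import combinations
from math import gcd

# Constructed demo keys built from tiny primes (real keys use 1024-bit primes).
# carol and dave share a whole modulus (both primes equal, "method A");
# alice and bob share only the first prime 101 ("method B").
DEMO_MODULI = {
    "alice": 101 * 103,   # 10403
    "bob":   101 * 107,   # 10807, shares the prime 101 with alice
    "carol": 109 * 113,   # 12317
    "dave":  109 * 113,   # 12317, duplicate of carol
    "eve":   127 * 131,   # 16637, unrelated to the others
}


def audit_moduli(moduli):
    """Flag RSA moduli that are exact duplicates or that share one prime.

    moduli: mapping owner -> modulus n.
    Returns (duplicates, shared):
      duplicates: list of (owner_a, owner_b) whose moduli are identical
      shared:     list of (owner_a, owner_b, common_prime) where gcd(n_a, n_b)
                  is a proper factor, so both keys fall to a single division
    """
    duplicates = []
    first_seen = {}
    for owner, n in moduli.items():
        if n in first_seen:
            duplicates.append((first_seen[n], owner))
        else:
            first_seen[n] = owner

    shared = []
    for (a, n_a), (b, n_b) in combinations(moduli.items(), 2):
        if n_a == n_b:
            continue  # already reported as a whole-key duplicate
        g = gcd(n_a, n_b)  # Euclid's algorithm
        if 1 < g < n_a:
            shared.append((a, b, g))
    return duplicates, shared


def cofactor(n, p):
    """Given one prime of an RSA modulus, the other is one division away."""
    q, rem = divmod(n, p)
    if rem:
        raise ValueError("p does not divide n")
    return q


if __name__ == "__main__":
    dups, shared = audit_moduli(DEMO_MODULI)
    for a, b in dups:
        print(f"duplicate modulus: {a} and {b}")
    for a, b, p in shared:
        print(f"shared prime {p}: {a} = {p} x {cofactor(DEMO_MODULI[a], p)}, "
              f"{b} = {p} x {cofactor(DEMO_MODULI[b], p)}")
```

On the demo set the audit reports carol/dave as a duplicate pair and alice/bob as sharing the prime 101; every other pair has GCD 1, which is what a healthy key set looks like.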
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Some duplicate keys appear to have the same owner, which is harmless enough. But the large number of duplicates, and particularly the keys with one shared prime, are much harder to understand. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">I would like to float one possible explanation that involves a simple, but subtle way to attack computer security: using malware injection to subvert a computer system's random number generation process. All that is necessary is to insert code that intercepts calls to the system's random number generator and replaces the proper returned value with a number generated by an algorithm crafted by the attacker. This algorithm would be designed to have a relatively small state space, producing say only a few million or even billion possible results. These would appear random enough to simple inspection, but the attacker could test the limited number of possible keys generated using the cooked algorithm to find the correct key, thus defeating all security. Note that this attack does not require that the infected computer transmit stolen keys or logged passwords. Indeed the malware need not communicate with the outside world in any way, making detection very difficult. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">I propose that the Lenstra research may have found a signature of this attack in operation. That is, the weakness in the substituted random number generator on infected machines may have caused the duplications. Perhaps a statistical model of the types of duplication a random number generator attack might produce could test this hypothesis. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Lenstra et al.'s title suggests that, due to their findings, RSA is less secure than other public key systems, such as Diffie-Hellman. The latter only needs a single secret prime number, hence there can be no shared factors. But if I am correct, those too would have been compromised by random number generator attacks, though in ways that are less evident, since the attacker still has a limited number of possible primes to test.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><br />
</div><div>Posted by Arnold Reinhold</div>

<div><b>WPS Spells Whoops, or the Collapse of Wi-Fi Security</b> (2012-01-06)</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; text-align: center;"><b><br />
</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The good folks at the Wi-Fi Alliance have taken a fine security product and smashed it to smithereens by adding a poorly thought out feature. The damage affects most new Wi-Fi routers and will take years to fully repair, since most users will never hear about it.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">We're all familiar with Wi-Fi, the technology that literally unleashed the Internet by eliminating the Ethernet cable that tied our computers to the wall. Wi-Fi is nurtured by an industry trade association known as the Wi-Fi Alliance that was formed in 1999 to ensure that products using a wireless networking standard known as IEEE 802.11 could all work together. Complex standards like 802.11 have lots of options and typically leave some issues unaddressed. Manufacturers of wireless products based on 802.11 can choose among options and fill in the missing pieces in ways that prevent their products from talking to products made by other manufacturers. The Wi-Fi Alliance tied up those loose ends in a way that ensures interoperability. The "Wi-Fi" trademark is owned by the alliance, and manufacturers who do things the way the alliance recommends get to use the Wi-Fi Certified mark on their products. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">One issue that the original 802.11 spec did not properly address is security. The older wired Ethernet standard for joining computers to networks provided a modest level of security, in that you needed to plug the cable in to a network outlet. That usually meant you had to at least get inside the building where the network was located and do your mischief there. Wi-Fi, on the other hand, is wireless. Each Wi-Fi device is a miniature radio station, often broadcasting beyond the walls of the place where it is used. The signals can often be picked up from an adjacent parking lot, or even hundreds of meters away by using a high-gain directional antenna. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The Wi-Fi Alliance recognized that more security was needed and included something called Wired Equivalent Privacy or WEP in their early recommendations. WEP, as the name implies, was intended to roughly match the modest security provided by the earlier wired systems. It didn't even accomplish that. Flaws in the WEP encryption algorithm allow it to be broken in a few minutes.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The Wi-Fi Alliance responded by developing a much stronger security system called Wi-Fi Protected Access or WPA. Developing a good encryption system is always tricky, but the Wi-Fi Alliance faced an additional challenge in that many wireless devices already sold had just enough computing power to implement WEP. WPA had to be retrofitted to those devices and that took a lot of ingenuity.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Meanwhile the IEEE committee responsible for 802.11 also took up the security challenge and produced an encryption protocol for wireless called 802.11i that avoided the compromises needed for WPA but took more compute power. The alliance adopted 802.11i as WPA2 and all newer Wi-Fi certified devices do WPA2. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Encryption systems scramble messages based on a key, and all encryption schemes need a way for senders and recipients to exchange those keys securely. WPA and WPA2 have a fancy way of doing this in corporate environments that requires special security servers, but for individual users and smaller organizations, Wi-Fi security depends on a secret password they call a "Pre-shared Key" (PSK) that all devices on a network must possess.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Though WPA and WPA2 take steps to slow down the rate at which passwords can be tested, the steady increase in computing power available for a given cost, especially the availability of graphics processors that have hundreds of general purpose computing elements, has made it possible to rapidly try large numbers of passwords to find the correct one. These days short passwords, even with the 8 character minimum length that the Wi-Fi Alliance recommends, can be broken with inexpensive computing equipment.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Users can overcome this problem by using a longer password or pass phrase. I recommend a minimum of 6 randomly chosen short words and provide a simple tool, Diceware (www.diceware.com), that lets you create a random passphrase using ordinary dice. With a long enough pass phrase, WPA and especially WPA2 are quite strong. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Or so it seemed.</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The Wi-Fi Alliance was concerned that the process of selecting and entering a good password or pass phrase was too complicated for the average user. Alliance members also wanted to sell a variety of special devices that did not have a full keyboard with which to enter a pass phrase. So they came up with another recommendation, Wi-Fi Protected Setup or WPS.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">WPS offers several ways to add a device to a Wi-Fi network. One method, Push Button Connect, uses two push buttons, a button on the unit seeking access and the other button on the Wi-Fi router. Press both buttons within two minutes of each other and the two devices exchange all the information they need to add the new device to the network.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Another method uses an 8-digit number the Wi-Fi Alliance refers to as a PIN. (PIN usually stands for Personal Identification Number, but we get the idea.) Each router that meets the WPS certification requirements has a PIN. You can enter that PIN into a device seeking network access and it calls your Wi-Fi router on the radio. The router asks the device for the PIN and if it has the correct number, the router gives the device the network's pass phrase and it's welcomed into the network. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Here's where things get nasty.</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">It turns out that the WPS protocol breaks the 8-digit PIN into two halves and tests them separately. A wrong PIN generates different errors depending on whether the first four digits failed to match or the last four were wrong. This lets an attacker test the two halves separately, a huge security gaffe, cutting the maximum number of combinations to be tested from many millions to just 20,000.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">To get their grade in Security 101 from D- to F, the designers of WPS included a check digit in the 8-digit PIN, so an attacker who has gotten the first 4 digits (5000 attempts needed on average) only needs 500 more guesses on average to get the whole PIN. Note that there is absolutely no need for a checksum in a situation like this. If a user copies the wrong number from the label on the device, the security protocol itself will provide the needed warning. From a security standpoint, the longer the PIN, the better; the only limit on PIN size is the patience of the human user. So why waste a digit on a checksum?</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Software has been published on the Internet that takes advantage of this WPS hole to break most recent Wi-Fi routers' security in a few hours.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Even without this hole, the way WPS was typically implemented presented security problems. Having the PIN printed right on the router means anyone who gets physical access to it can write down, photograph or even memorize your PIN. Once they have the magic number, they can connect to your network whenever they wish. Most routers do not allow you to change the PIN (TP-Link is an exception). So if you think your PIN may have been stolen, there's nothing you can do about it except buy a new router.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">There are a variety of solutions to these problems, depending on whether you are a user or a router manufacturer.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>Fixes for users</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">If you're a user, first determine if your wireless router has the WPS feature. Look for a label on the router with a bunch of long numbers, typically a serial number, one or more MAC addresses and so on. See if there is an 8-digit decimal number, like 1234-5678, on the label; that is a WPS PIN. It may be marked PIN, WPS, QSS or with an icon showing two arrows pointed at each other's tails. In general, that likely means you have WPS and the security problem. One exception is Verizon's FIOS routers. According to their manual, the WPS feature is not working yet but was to be enabled by a future firmware release, so there is a PIN on their label. Procrastination pays.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Once you've determined you have WPS, your best option is to disable it. Many Belkin, D-Link, Netgear and TP-Link models allow this. Many Cisco models currently do not. If you can't disable WPS on your router, check your junk closet for an older model that lacks WPS, which you could put back in service while your router manufacturer gets its act together. (Call their customer support line and ask when a fix can be expected. They need to hear from you.) Absent that, if security is important, consider buying a new router from one of the manufacturers that currently let you disable WPS.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">While you're at it, write down your WPS PIN and put it in a safe place, then cover it over with paint, nail polish or tape to protect it from casual glances.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>The simplest way to fix router firmware</b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Here is a very simple fix for router manufacturers who want to get a patch out quickly:</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Disable the WPS feature after, say, five successive failed PIN entries and have the count reset to zero whenever the router is powered off and on. This fix would be very simple to implement in firmware, requiring no change to the user interface, no persistent parameter storage and little end user education. Users are already used to the idea of turning power off and on when they encounter a problem, so they would likely figure out what to do if their WPS stopped working. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The needed changes to router firmware are extremely simple and easy to code-review and test. There would be one new variable. It would be set to zero during power-up initialization. Before any remote PIN registration attempt is allowed, it would be tested to make sure it has not exceeded the threshold; if not, it would be incremented by one whenever a remote PIN registration attempt fails and set to zero whenever a remote PIN registration attempt succeeds. </div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 14.0px;"><br />
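The counter described above, as an added Python model (not router firmware and not any manufacturer's code): the class plays the registrar side of a router with the one new variable, the threshold of five, zeroing at power-up and on success, and the test-before-processing order the post prescribes. The PIN value is constructed. As a second point the post supports, the candidate PIN is compared as a whole in one constant-time comparison rather than half by half, so the response cannot tell a caller which half was wrong.

```python
import hmac

MAX_FAILURES = 5  # lockout threshold suggested in the post


class WpsRegistrar:
    """Model of the router side of WPS PIN registration with the proposed lockout.

    A single counter (the one new firmware variable) is zeroed at power-up,
    tested before any remote PIN registration attempt is processed,
    incremented on each failed attempt and zeroed on success. There is no
    persistent storage, so a power cycle is the only way to clear a lockout.
    """

    def __init__(self, pin: str):
        self._pin = pin.encode()        # constructed PIN, set at manufacture
        self.failed_attempts = 0        # power-up initialization of the counter
        self.lockout_warned = False     # for the "ideal fix" warning message

    def power_cycle(self) -> None:
        """Turning the router off and on resets the counter to zero."""
        self.failed_attempts = 0
        self.lockout_warned = False

    def register(self, candidate: str) -> str:
        """Handle one remote registration attempt; returns the outcome."""
        # Test the counter before doing anything else with the request.
        if self.failed_attempts >= MAX_FAILURES:
            if not self.lockout_warned:
                self.lockout_warned = True
                print("WPS disabled after repeated bad PINs; power-cycle to re-enable")
            return "locked"
        # Compare the whole 8-digit PIN in a single constant-time check, so the
        # response never reveals whether the first or second half was wrong.
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.failed_attempts = 0
            return "accepted"
        self.failed_attempts += 1
        return "rejected"


def run_attempts(registrar: WpsRegistrar, candidates) -> list:
    """Feed a sequence of PIN entries to the registrar and collect the outcomes."""
    return [registrar.register(c) for c in candidates]


if __name__ == "__main__":
    router = WpsRegistrar("12345670")
    print(run_attempts(router, ["00000000"] * 5 + ["12345670"]))
    router.power_cycle()
    print(router.register("12345670"))
```

After five wrong entries even the correct PIN is refused until the router is power-cycled; a legitimate owner notices WPS has stopped working, restarts the router and carries on, while a remote guesser is held to a handful of tries per restart.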
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><b>The ideal fix </b></div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">The ideal fix would combine the above with the ability to change the PIN and the ability to turn WPS off if desired. A warning message if excessive bad WPS attempts were detected would be handy.</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;"><br />
</div><div style="font: 12.0px Helvetica; margin: 0.0px 0.0px 0.0px 0.0px;">Check back here. I'll post more info when I get it.</div><div>Posted by Arnold Reinhold</div>

<div><b>A common Diceware question</b> (2011-04-14)</div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">Here is an e-mail I received today and my reply:</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>Hello,</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>Have you seen <a href="https://www.grc.com/passwords.htm?">https://www.grc.com/passwords.htm?</a></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>It is way more random and therefore safer for WPA.</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>I mean, words are cool, but they are just that --</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>a string with random printable ASCII characters is</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>certainly harder to crack, it seems.</span></div><div style="color: #202701; 
font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>Cheers</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">>Indian mathematician in training</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">It's true that random characters provide more security (entropy) for a string of the same length, but for many people words are easier to remember. For example a 7 word Diceware(tm) phrase has about the same entropy as a 20 letter random string. As my FAQ explains, you can also generate random characters using dice if you prefer.</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">As for the GRC site, they say they are not generating true random numbers, but using a pseudo-random algorithm. The algorithm they say they are using isn't terrible, but you are relying on them to be doing what they say and to be sure that their server has not been hacked. There is really no way to audit that. 
Dice, on the other hand, are completely secure and truly random.</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px; min-height: 19.0px;"><span style="letter-spacing: 0.0px;"></span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">Best wishes,</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;"><br />
</span></div><div style="color: #202701; font: 14.0px Palatino; margin: 0.0px 0.0px 0.0px 0.0px;"><span style="letter-spacing: 0.0px;">Arnold</span></div><div>Posted by Arnold Reinhold</div>

<div><b>The PS-3 Private Key Break</b> (2010-12-30)</div><div style="font: 10.0px Helvetica; line-height: 16.0px; margin: 0.0px 0.0px 0.0px 0.0px;"></div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">At the December 2010 Chaos Communication Congress in Berlin, a group calling itself "fail0verflow" announced it had succeeded in bypassing a number of Sony PlayStation 3 restrictive measures. These included the recovery of the private key Sony uses to sign code. Sony was using a technology called public key cryptography to ensure that only programs it approved could run on the PS3. Public key cryptography uses one key, which is kept private, to create a mathematical puzzle that is very hard to solve, but which can be unlocked using a different key that can safely be made public. These puzzles can then be used to create electronic signatures that can be verified by any computer that has the public key. Absent unforeseen mathematical breakthroughs, if the public key algorithm is implemented correctly and the private key is kept secret, no one can forge such a signature.</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The PS3 private key recovery was made possible by an improper implementation of the public key cryptography system Sony employed, the Elliptic Curve Digital Signature Algorithm or ECDSA. ECDSA requires a secret random number to be generated for each signature. Those secret numbers must be different for each signature. If two signatures are found that used the same secret number, even if that number itself is not known, the private key can be recovered by simple algebra. Sony reportedly used the same secret number for all its signatures. As a result, anyone with the now-public private key can sign code in a way that is indistinguishable from a signature issued by Sony.</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 12px;"><br />
</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This flaw was not in any of the PS3 software or the IBM Cell processor that's at the heart of the PS3. It was a mistake in the program used to sign software approved to run on the PS3. That program presumably runs only on some highly guarded server at a facility controlled by Sony. The signing program could have been fixed by adding one line of code, a call to a strong random number generator, like /dev/random, to generate a new random number for each signature. You may have to go back to the US and UK's Venona exploit in the Cold War to find an example of a large organization (the USSR in that case) screwing up what should have been an unbreakable system.</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 12px;"><br />
</div><div style="font-family: Geneva; font-size: medium; font: normal normal normal 10px/normal Helvetica; line-height: 16px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The lesson from this fiasco is that in cryptography details are crucial. Cryptographic software must be intensively reviewed by experts, not programmers who recently read a book or took a course on the subject. The best solution may be open source implementations that have been available for public scrutiny for many years, and even then, an expert review of the final software is still essential. And all users of ECDSA and similar algorithms should review their signing software to ensure it does not contain the same bug. This barn may contain more than one horse, so it's worth checking the door.<br />
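To make the one-line fix and the review check concrete, here is an added Python example (not Sony's signing code and not from the fail0verflow presentation). It uses a toy DSA group with constructed parameters P, Q and G instead of an elliptic curve; DSA is the finite-field relative of ECDSA and has the same rule that every signature needs a fresh secret nonce, so the Sony mistake and its fix look the same. `sign` draws the nonce from the operating system's random source through the `secrets` module on every call, which is the missing line the post describes, and `find_repeated_r` is the sort of check a reviewer can run over a batch of existing signatures: the r value is determined by the nonce alone, so a repeated r means a repeated nonce. The parameters are far too small for real use.

```python
import hashlib
import secrets

# Toy DSA parameters (constructed for illustration; far too small for real use).
P = 2039   # prime modulus, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # generator of the order-Q subgroup (a quadratic residue mod P)


def hash_to_int(message: bytes) -> int:
    """Digest of the message reduced into the nonce/key range [0, Q)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def keygen():
    """Private key d and public key y = G^d mod P."""
    d = secrets.randbelow(Q - 1) + 1
    return d, pow(G, d, P)


def sign_digest(d: int, z: int, k: int):
    """Core DSA signing of digest z with private key d and nonce k.

    r depends only on k, so two signatures made with the same k share r.
    """
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (z + d * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another nonce")
    return r, s


def sign(d: int, message: bytes):
    """The fixed signer: a fresh, unpredictable nonce for every signature."""
    z = hash_to_int(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1   # the 'one line' a fixed-nonce signer lacks
        try:
            return sign_digest(d, z, k)
        except ValueError:
            continue  # astronomically rare with real parameters; just retry


def verify_digest(y: int, z: int, sig) -> bool:
    """Standard DSA verification of (r, s) over digest z with public key y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (z * w) % Q, (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P) % P) % Q
    return v == r


def verify(y: int, message: bytes, sig) -> bool:
    return verify_digest(y, hash_to_int(message), sig)


def find_repeated_r(signatures):
    """Review check over a batch of (r, s) pairs.

    Groups signatures by r; any group with more than one member means the
    nonce was reused, which is exactly the condition that exposes the key.
    Returns a sorted list of (r, [indexes]).
    """
    by_r = {}
    for idx, (r, _s) in enumerate(signatures):
        by_r.setdefault(r, []).append(idx)
    return sorted((r, idxs) for r, idxs in by_r.items() if len(idxs) > 1)


if __name__ == "__main__":
    d, y = keygen()
    # Buggy style: the same nonce (7, constructed) reused for two different digests.
    reused = [sign_digest(d, 5, 7), sign_digest(d, 6, 7)]
    print("repeated r in fixed-nonce batch:", find_repeated_r(reused))
    # Fixed style: verification still works, and r is fresh each time.
    msg = b"firmware image v1 (constructed)"
    print("fresh-nonce signature verifies:", verify(y, msg, sign(d, msg)))
```

With the reused nonce both signatures carry the same r, and the audit flags them even though the nonce itself never appears in the output; with `sign` the nonce never repeats by construction.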
<br />
Here is a YouTube link to the complete presentation: http://www.youtube.com/watch?v=hcbaeKA2moE </div><div>Posted by Arnold Reinhold</div>

<div><b>Thoughts on Wikileaks and the U.S. Government</b> (2010-12-22)</div>
Governments have a right and a duty to keep some things secret. Whether it's individual medical records at government hospitals or nuclear weapon design parameters, some data should never become available for all to see. That said, it's the government's responsibility to take measures to protect those secrets. Leaks by individuals trusted with secrets have always been a problem, but computer technology amplifies the danger enormously. Modern computers are built to share information, not protect it, and the price and size of data storage has dropped so low that 250,000 classified diplomatic cables can comfortably fit on a MicroSD storage card the size of a fingernail, selling for under $10. Keeping something that small from moving in or out of the most secure facility is nearly impossible.<br />
<br />
Nor is it enough to restrict access to only people who have been vetted for security clearances. Assuming the vetting process is 99.9% effective, and 1000 cleared people have access to the data, the probability of a leak is 63% (1-.999^1000).<br />
<br />
When I drove my son back to school after this Thanksgiving, I took him to the campus bookstore to buy him a new laptop. Driving home I got a call from my credit card company asking to verify a recent transaction. Their computers apparently found it odd that I made a large purchase 100 miles from home. Now a credit card company has a strong interest in quickly stopping misuse of a stolen card, but didn't the U.S. Government have an even stronger interest in protecting classified information? It's not as if the risk Wikileaks posed was unknown. The U.S. Army wrote a report about the security hazards posed by Wikileaks, which report found its way to the Wikileaks site.<br />
<br />
After the 9/11 attacks in 2001, there was a strong push to break down barriers sequestering information that could prevent future attacks if shared. Large amounts of classified data, including hundreds of thousands of diplomatic cables and wartime incident reports, were made accessible over special networks that could only be used by people cleared at the Secret level. Was software developed in parallel to track unusual usage by individuals? Was it deployed in the field? If not, why not? Who made the decision to allow sharing without adequate precautions? Is such software deployed universally now? Those are the questions the U.S. Government should be pursuing, instead of the embarrassingly pointless effort to keep people from reading cables already published.<br />
<br />
So far the leaked cables have caused more embarrassment than danger. Even the cable listing potential terrorist targets worldwide should have modest impact. It's not as if the terrorists had run out of potential targets they knew about.<br />
<br />
My big worry is highly classified data that was not leaked, particularly software used to design nuclear bombs. The vast majority of U.S. nuclear weapons were designed between 1945 and 1983 using a series of ever more powerful supercomputers. However none of those supercomputers come close to the power of the average desktop computer in use today. Indeed most were puny compared to the Macintosh G4 released in 1999 that was the subject of the famous Apple Tank Ad, which you can watch at http://www.youtube.com/watch?v=7Eb1yih5kNY. Those G4's now gather dust in thousands of basements. Software programs for bomb design likely would take much less space on a memory card or thumb drive than all those diplomatic cables. What is being done to ensure they never leak?
<div>Posted by Arnold Reinhold</div>

<div><b>Getting started...</b> (2010-12-22)</div>
Computer and Internet security is a mess and it's getting worse. Big corporations and the government seem unable to solve their own security problems, much less lead the way to a safer information technology world. I hope to spread some useful ideas and common sense here, and one more blog on the topic can't do much damage. For starters, check out my Diceware.com page, with suggestions on picking and remembering strong passphrases and passwords.
<div>Posted by Arnold Reinhold</div>