Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp6711000ybe; Wed, 18 Sep 2019 07:52:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqyQ5w4xtsaYxjSzO1dqby8WvY1q6efrrhUKuxNCY6H3wPF1lNp+k5YcLYKPTIO7bt1K/FqG X-Received: by 2002:a17:906:405b:: with SMTP id y27mr10146723ejj.18.1568818331698; Wed, 18 Sep 2019 07:52:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568818331; cv=none; d=google.com; s=arc-20160816; b=nDhIZQFf/YLA+JZh9hxIx6Q5xMTxO7KQGReinb04vrfD8kkuICMWVHHPfocRhWfrzW m+A4vSMk5kA1V1LpktAXICa8FXeTc9RfNsrsVysR1gkDlWdOJ6iRNgusmEjT7a6qCfpc YsQKd8nGERT4OJlWCwBJOWo7K40MalZJ1dc/svNrm8ftS4O2E1IDsCDihkh7W1O3FGlC M38t/xMMGUPsx5q/hqiyhwDPBL9ArxpFzmVlrZ2NnXmsuodT1sdUhlLnDHDisyVxhRdO LwWOpeYGNs6mcSQRyfVz5vzu6sO8X0ABUIWv7rKGUueEXZcxD9VznXA15LlDxguSbL36 ozvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature; bh=shRcCqdrW2AA6jwy3OcrdqKfsL4WIJsDKGjUpc0AYZw=; b=zvu0TLgzEXEPtdFxe9BltVj3cfVa1i41hFiweoKzzEYpd1LParrdSC4YtKBC0xrh+Q 21rLqZMb98wtLdyOvy6JRan2uMbJxp8DJHR7OITdYJI9mEgJUzNqjwzHXGs1RyvUp0V4 Y9n5xGYaDPmrdWm5EQ1iFnH0T5zOFXUdjmyLrY/yd1ZOZUhY6fGZNEhn17pko+y3ZtLQ VOPcAVx3D5QI4ML3YNJq5jNz19z6K+PLuScNsDee07/FnXDpuAVzK6E/MHsFZldyJ3cu 2DENRXW8BeBFz6noqj4npmvbcoKd/Npjkt60jcDhFPFyC1OFQDXlhZVP6dw5UL7S5K+1 Mz9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nkw5Ks0C; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z2si3337375edd.390.2019.09.18.07.51.34; Wed, 18 Sep 2019 07:52:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nkw5Ks0C; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730029AbfIROub (ORCPT + 99 others); Wed, 18 Sep 2019 10:50:31 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:34555 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725902AbfIROub (ORCPT ); Wed, 18 Sep 2019 10:50:31 -0400 Received: by mail-lj1-f195.google.com with SMTP id h2so249612ljk.1; Wed, 18 Sep 2019 07:50:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to; bh=shRcCqdrW2AA6jwy3OcrdqKfsL4WIJsDKGjUpc0AYZw=; b=nkw5Ks0CtGS+LjOOxHN0PgSWk2Hwmmhr/3pdJ1CPEV07i+jlbspJDw68suIRxsAv7R uBQYGtwtz5w1+hL+9kWVmop9ivZurDP2LYIVvJ4arLG2bxF7lAimOcTzb/f2viq3lRKe XYFfolsMZRCoUmh8ApsT9mOxDEUY2Joc0SK9sb/Vmw6kr/51GfPyLv+rfbsKqMnNc5p6 N5da3msp1r88wh1+jeE1D/LLDYZPANyE6n8nA27I4ukWqnfEyeXRdkX4xWtRAd0O8K/M mvBbaCET7VNmYg214sJbvE+65HvhoW4eG+agGXs5v78Y1CiF+JFYTqRiGJVotcjXPS7M OwjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to; bh=shRcCqdrW2AA6jwy3OcrdqKfsL4WIJsDKGjUpc0AYZw=; b=JkxcNSf3zvjSr+ylSfdT0IcJspU1UsQmTCswMjXltCNUrdhuNE4EBUU5bbtCmDtdBU cDVHdJZlYWCHecQe+zOfPMmkOj5JplA67S1NKJtSs0YqsFqxjg2rkqW03MswW9FqGP+z HC47WNNirwgXRWggpMzT4paXlb+YUuGWhlwRdQMEkOVaZUUyCodOwvnEGweYkekMIDBi GtG9DI99JuvlqiQv2vb5zckLnYe0lM9x84mrou9e0O9KjDe7nARnn3S8GAdEGky3dyN1 iuh2Rlk28etk+OavpYMvXw3DNMF6Ha5elo6lkfdJVMNxr2V+pu7bquEDkqu170NjAQ7a k6JA== X-Gm-Message-State: APjAAAUb/69CC6DUgh4AotDHB53HOp4CZdqLlDkPp8i8TyR/omLieJcB n8sK8FiKl4rGcK0ICtYMWkqy9FbvT9Nv5LFz X-Received: by 2002:a2e:94cd:: with SMTP id r13mr2483813ljh.24.1568818226929; Wed, 18 Sep 2019 07:50:26 -0700 (PDT) Received: from ?IPv6:2a02:17d0:4a6:5700::47f? ([2a02:17d0:4a6:5700::47f]) by smtp.googlemail.com with ESMTPSA id x15sm1205138lff.54.2019.09.18.07.50.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 18 Sep 2019 07:50:25 -0700 (PDT) Subject: Re: Linux 5.3-rc8 From: "Alexander E. Patrakov" To: Lennart Poettering , Willy Tarreau Cc: "Theodore Y. Ts'o" , Matthew Garrett , Linus Torvalds , "Ahmed S. Darwish" , Vito Caputo , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , linux-ext4@vger.kernel.org, lkml References: <20190917052438.GA26923@1wt.eu> <2508489.jOnZlRuxVn@merkaba> <20190917121156.GC6762@mit.edu> <20190917155743.GB31567@gardel-login> <20190917162137.GA27921@1wt.eu> <20190917171328.GA31798@gardel-login> <20190917172929.GD27999@1wt.eu> <20190918133806.GA32346@gardel-login> Message-ID: <97a49761-701c-c5d9-0a35-65c01368017e@gmail.com> Date: Wed, 18 Sep 2019 19:50:23 +0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090904010206040709020606" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org This is a cryptographically signed message in MIME format. --------------ms090904010206040709020606 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-PH Content-Transfer-Encoding: quoted-printable 18.09.2019 18:59, Alexander E. Patrakov =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > 18.09.2019 18:38, Lennart Poettering =D0=BF=D0=B8=D1=88=D0=B5=D1=82: >> On Di, 17.09.19 19:29, Willy Tarreau (w@1wt.eu) wrote: >> >>>> What do you expect these systems to do though? >>>> >>>> I mean, think about general purpose distros: they put together live >>>> images that are supposed to work on a myriad of similar (as in: same= >>>> arch) but otherwise very different systems (i.e. VMs that might lack= >>>> any form of RNG source the same as beefy servers with muliple source= s >>>> the same as older netbooks with few and crappy sources, ...). They=20 >>>> can't >>>> know what the specific hw will provide or won't. It's not their >>>> incompetence that they build the image like that. It's a common, ver= y >>>> common usecase to install a system via SSH, and it's also very commo= n >>>> to have very generic images for a large number varied systems to run= >>>> on. >>> >>> I'm totally file with installing the system via SSH, using a temporar= y >>> SSH key. I do make a strong distinction between the installation phas= e >>> and the final deployment. The SSH key used *for installation* doesn't= >>> need to the be same as the final one. And very often at the end of th= e >>> installation we'll have produced enough entropy to produce a correct >>> key. >> >> That's not how systems are built today though. And I am not sure they >> should be. I mean, the majority of systems at this point probably have= >> some form of hardware (or virtualized) RNG available (even raspi has >> one these days!), so generating these keys once at boot is totally >> OK. Probably a number of others need just a few seconds to get the >> entropy needed, where things are totally OK too. The only problem is >> systems that lack any reasonable source of entropy and where >> initialization of the pool will take overly long. >> >> I figure we can reduce the number of systems where entropy is scarce >> quite a bit if we'd start crediting entropy by default from various hw= >> rngs we currently don't credit entropy for. For example, the TPM and >> older intel/amd chipsets. You currently have to specify >> rng_core.default_quality=3D1000 on the kernel cmdline to make them >> credit entropy. I am pretty sure this should be the default now, in a >> world where CONFIG_RANDOM_TRUST_CPU=3Dy is set anyway. i.e. why say >> RDRAND is fine but those chipsets are not? That makes no sense to me. >> >> I am very sure that crediting entropy to chipset hwrngs is a much >> better way to solve the issue on those systems than to just hand out >> rubbish randomness. >=20 > Very well said. However, 1000 is more than the hard-coded quality of=20 > some existing rngs, and so would send a misleading message that they ar= e=20 > somehow worse. I would suggest case-by-case reevaluation of all existin= g=20 > hwrng drivers by their maintainers, and then setting the default to=20 > something like 899, so that evaluated drivers have priority. >=20 Well, I have to provide another data point. On Arch Linux and MSI Z87I=20 desktop board: $ lsmod | grep rng $ modinfo rng_core So this particular board has no sources of randomness except interrupts=20 (which are scarce), RDRAND (which is not trusted in Arch Linux by=20 default) and jitter entropy (which is not collected by the kernel and=20 needs haveged or equivalent). --=20 Alexander E. Patrakov --------------ms090904010206040709020606 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: Криптографическая подпись S/MIME MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C5wwggVNMIIENaADAgECAhArQ2N9hOajPiuqD20bI16wMA0GCSqGSIb3DQEBCwUAMIGCMQsw CQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoM GkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBB dXRoZW50aWNhdGlvbiBDQSBHMTAeFw0xOTA2MDYwODAxMzVaFw0yMDA2MDYwODAxMzVaMB0x GzAZBgNVBAMMEnBhdHJha292QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOA0sb1ubDnIK32rbgW3BnjBcx1pYuEFOCU6aPVJ2gU+wtKJgAo9IdVUXG6kC1fF hXjIcZHOgbEqzFjHK1yXlHIUWEv+N8KdmBDOK1UdKQj58d9A4hnH62iEiwQsOR5YT1UyHX4A pfMjsBja7254cixR4jOPzfA4YUD6JTTPioyjDwuYQlhweVyXziKswLtGWfKeDcm3fOlKYxGy hxjWJRamGTreNBVC9uMkF4DHszpUm07agR2U4mnWy7FsjBuRJ++iX0SvuxKWf19HQWgmgIys jBVrArhVzgjOOnbvlklW849wIARF4Y0WAf91DsqPtuR8hu7+9KIVj2qk9BeNXXUCAwEAAaOC AiEwggIdMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfmD8+GynPT3XrpOheQKPs3QpO/Uw SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vY2FjZXJ0LmFjdGFsaXMuaXQv Y2VydHMvYWN0YWxpcy1hdXRjbGlnMTAdBgNVHREEFjAUgRJwYXRyYWtvdkBnbWFpbC5jb20w RwYDVR0gBEAwPjA8BgYrgR8BGAEwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cuYWN0YWxp cy5pdC9hcmVhLWRvd25sb2FkMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDCB6AYD VR0fBIHgMIHdMIGboIGYoIGVhoGSbGRhcDovL2xkYXAwNS5hY3RhbGlzLml0L2NuJTNkQWN0 YWxpcyUyMENsaWVudCUyMEF1dGhlbnRpY2F0aW9uJTIwQ0ElMjBHMSxvJTNkQWN0YWxpcyUy MFMucC5BLi8wMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDti aW5hcnkwPaA7oDmGN2h0dHA6Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSENM LUcxL2dldExhc3RDUkwwHQYDVR0OBBYEFEhX9pz3jwI3+erfsAVB2b4xSsM8MA4GA1UdDwEB /wQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAVbKht9PGiUsUaqiyzJb6blSMNaLwopQr3AsI FvthyqnSqxmSNYDeZsQYPgBnXvMCvHCn07pm1b96Y3XstBt2FWb9dpDr7y+ec3vxFHb3lKGb 3WREB1kEATnBu2++dPcILG58gdzgYde3RAJC3/OyOZhDqKwQA5CnXTHigTzw75iezdLne5pU MjEQoxdqC+sgbrAueaEpMmRsGSKzgIX8eQ3DWwyIL56fYPJP3u4WZmBUKTFhhUWowG62QLtt ZjkiX/j+vjcSRd2app8lYDwQRornZAqrDxy+c4qQJ5FN234p36opwespDCwLN3Z6wPzLvzS+ jAlmV3DF2xuZGMoebzCCBkcwggQvoAMCAQICCCzUitOxHg+JMA0GCSqGSIb3DQEBCwUAMGsx CzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4v MDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQTAe Fw0xNTA1MTQwNzE0MTVaFw0zMDA1MTQwNzE0MTVaMIGCMQswCQYDVQQGEwJJVDEPMA0GA1UE CAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAz MzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBH MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMD8wYlW2Yji9ARlv80JNasoKTD+ DMr3J6scEe6GPV3k9WxEtgxXM5WX3oiKjS2p25Mqk8cnV2fpMaEvdO9alrGes0vqcUqly7Pk U753RGlseYXR2XCjVhs4cuRYjuBmbxpRSJxRImmPnThKY41r0nl6b3A6Z2MOjPQF7h6OCYYw tz/ziv/+UBV587U2uIlOukaS7Xjk4ArYkQsGTSsfBBXqqn06WL3xG+B/dRO5/mOtY5tHdhPH ydsBk2kksI3PJ0yNgKV7o6HM7pG9pB6sGhj96uVLnnVnJ0WXOuV1ISv2eit9ir60LjT99hf+ TMZLxA5yaVJ57fYjBMbxM599cw0CAwEAAaOCAdUwggHRMEEGCCsGAQUFBwEBBDUwMzAxBggr BgEFBQcwAYYlaHR0cDovL29jc3AwNS5hY3RhbGlzLml0L1ZBL0FVVEgtUk9PVDAdBgNVHQ4E FgQUfmD8+GynPT3XrpOheQKPs3QpO/UwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRS 2Ig6yJ94Zu2J83s4cJTJAgI20DBFBgNVHSAEPjA8MDoGBFUdIAAwMjAwBggrBgEFBQcCARYk aHR0cHM6Ly93d3cuYWN0YWxpcy5pdC9hcmVhLWRvd25sb2FkMIHjBgNVHR8EgdswgdgwgZag gZOggZCGgY1sZGFwOi8vbGRhcDA1LmFjdGFsaXMuaXQvY24lM2RBY3RhbGlzJTIwQXV0aGVu dGljYXRpb24lMjBSb290JTIwQ0EsbyUzZEFjdGFsaXMlMjBTLnAuQS4lMmYwMzM1ODUyMDk2 NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0dHA6 Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSC1ST09UL2dldExhc3RDUkwwDgYD VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBNk87VJL5BG0oWWHNfZYny2Xo+WIy8 y8QP5VsWZ7LBS6Qz8kn8zJp3c9xdOkudZbcA3vm5U8HKXc1JdzNmpSh92zq/OeZLvUa+rnnc mvhxkFE9Doag6NitggBPZwXHwDcYn430/F8wqAt3LX/bsd6INVrhPFk3C2SoAjLjUQZibXvQ uFINMN4l6j86vCrkUaGzSqnXT45NxIivkAPhBQgpGtcTi4f+3DxkyTDbWtf9LuaC4l2jgB3g C7f56nmdpGfpYsyvKE7+Ip+WryH93pWt6C+r68KU3Gu02cU1/dHvNOXWUDeKkVT3T26wZVrT aMx+0nS3i63KDfJdhFzutfdBgCWHcp03NhOhMqy1RnAylF/dVZgkka6hKaWe1tOU21kS4uvs D4wM5k6tl0pin2o6u47kyoJJMOxRSQcosWtDXUmaLHUG91ZC6hvBDmDmpmS6h/r+7mtPrpYO xTr4hW3me2EfXkTvNTvBQtbi4LrZchg9vhi44EJ7L53g7GzQFn5KK8vqqgMb1c1+T0mkKdqS edgGiB9TDdYtv4HkUj/N00TKxZMLiDMw4V8ShUL6bKTXNfb3E68s47cD+MatFjUuGFj0uFPv ZlvlNAoJ7IMfXzIiTWy35X+akm+d49wBh54yv6icz2t/cBU1y1weuPBd8NUH/Ue3mXk0SXwk GP3yVDGCA/YwggPyAgEBMIGXMIGCMQswCQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8w DQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSww KgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMQIQK0NjfYTmoz4r qg9tGyNesDANBglghkgBZQMEAgEFAKCCAi8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMTkwOTE4MTQ1MDIzWjAvBgkqhkiG9w0BCQQxIgQgiX/F7NbbowKH lAWbZTtS02XnWnSOdiy4jUyPKMY1N4MwbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASow CwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIB QDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBqAYJKwYBBAGCNxAEMYGaMIGXMIGCMQswCQYD VQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFj dGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRo ZW50aWNhdGlvbiBDQSBHMQIQK0NjfYTmoz4rqg9tGyNesDCBqgYLKoZIhvcNAQkQAgsxgZqg gZcwgYIxCzAJBgNVBAYTAklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEj MCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxLDAqBgNVBAMMI0FjdGFsaXMg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEcxAhArQ2N9hOajPiuqD20bI16wMA0GCSqGSIb3 DQEBAQUABIIBAGoHs8qn60/eg+p+srTCkGRxWg2VuuEWk2K6iVv0oon7CMNLPmmbS6GmHKCZ 5v1t2uKkWbXWYeeEuAsJFgb2KmOuRCC39X7VPSS+CevzN23qs/Czf0q0RrXPvXm71bGbsIUh VvJdaK9ZtPttYR9qr0zzCa5PTF2OnR7r0Teg00eEvP2psLzo4SWma2Txs8VR59J0CNqAFD4s SLL8OScewBHIWiJJzUHd3Ik7tl2Im8eKIiuibBhnTElymAKWN/wGPWBAuXYtpV+zDnzlW0Ok NBki46PcSQbDnHrgBXOIJG3rm04qg81XotLGy6NtPbZYNXhcETyNA0LPeMSVApVy8xAAAAAA AAA= --------------ms090904010206040709020606--