Content-Type: multipart/related; start=; boundary=----------fuoQb2kb5IV8FKnbT51jdA
Content-Location: http://www.itl.nist.gov/fipspubs/fip181.htm
Subject: =?utf-8?Q?FIPS=20181=20-=20(APG),=20Automated=20Password=20Generator?=
MIME-Version: 1.0
------------fuoQb2kb5IV8FKnbT51jdA
Content-Disposition: inline; filename=fip181.htm
Content-Type: text/html; name=fip181.htm
Content-Id:
Content-Location: http://www.itl.nist.gov/fipspubs/fip181.htm
Content-Transfer-Encoding: 8bit
FIPS 181 - (APG), Automated Password Generator
Return to the FIPS
Home Page
FIPS PUB 181
Federal Information
Processing Standards Publication 181
1993 October 5
Announcing the Standard for
Automated Password Generator (APG)
Federal Information Processing Standards Publications (FIPS PUBS)
are issued by the National Institute of Standards and Technology after
approval by the Secretary of Commerce pursuant to Section 111(d) of the
Federal Property and Administrative Services Act of 1949, as amended by the
Computer Security Act of 1987, Public Law 100-235.
1. Name of Standard. Automated Password Generator.
2. Category of Standard. Computer Security.
3. Explanation. A password is a protected character string used
to authenticate the identity of a computer system user or to
authorize access to system resources. When users are allowed to
select their own passwords they often select passwords that are
easily compromised. An automated password generator creates random
passwords that have no association with a particular user.
This Automated Password Generator Standard specifies an algorithm
to generate passwords for the protection of computer resources.
This standard is for use in conjunction with FIPS PUB 112, Password
Usage Standard, which provides basic security criteria for the
design, implementation, and use of passwords. The algorithm uses
random numbers to select the characters that form the random
pronounceable passwords. The random numbers are generated by a
random number subroutine based on the Electronic Codebook mode of
the Data Encryption Standard (DES) (FIPS PUB 46-1). The random
number subroutine uses a pseudorandom DES key generated in
accordance with the procedure described in Appendix C of ANSI
X9.17.
Similar to DES, the FIPS for Automated Password Generator is an
interoperability standard. Interoperability standards specify
functions and formats so that data transmitted can be properly
acted upon when received by another computer. This type of
standard is independent of physical implementation. Implementors
are required to use the algorithm defined in the FIPS, however,
they are not constrained in how they package it. For discussion
purposes a NIST implementation of the Automated Password Generator
is provided. It is expected that commercial implementations will
be based on the latest technologies and differ from NIST's, however
the results should be logically equivalent to that of this FIPS.
4. Approving Authority. Secretary of Commerce.
5. Maintenance Agency. U.S. Department of Commerce, National
Institute of Standards and Technology (NIST), Computer Systems
Laboratory (CSL).
6. Cross Index.
- a. American National Standards Institute (ANSI) X9.28, Financial
Institution Multiple Center Key Management (Wholesale) Draft.
- b. Department of Defense CSC-STD-002-85, Password Management
Guideline.
- c. Federal Information Processing Standards Publication (FIPS PUB)
48, Guidelines on Evaluation of Techniques for Automated Personal
Identification.
- d. Federal Information Processing Standards Publication (FIPS PUB)
46-1, Data Encryption Standard.
- e. Federal Information Processing Standards Publication (FIPS PUB)
81, DES Modes of Operation.
- f. Federal Information Processing Standards Publication (FIPS PUB)
83, Guideline on User Authentication Techniques for Computer
Network Access Control.
- g. Federal Information Processing Standards Publication (FIPS PUB)
112, Password Usage.
- h. Federal Information Processing Standards Publication (FIPS PUB)
171, Key Management Using ANSI X9.17.
- i. National Technical Information Service (NTIS) AD A 017676, A
Random Word Generator for Pronounceable Passwords.
7. Objectives. The objectives of this standard are to:
- a. improve the administration of password systems that are used
for authenticating the identity of individuals accessing
computer resources or files;
- b. provide a standard automated method for producing
pronounceable passwords that have no association with a
particular user;
- c. produce passwords that are easily remembered, stored, and
entered into computer systems, yet not readily susceptible to
automated techniques that have been developed to search for
and disclose passwords.
8. Applicability. This standard is applicable to the development
of procurement or design specifications for implementing an
automatic password generation algorithm within a computer system.
It shall be used by all Federal departments and agencies when there
is a requirement for computer generated pronounceable passwords for
authenticating users of computer systems, or for authorizing access
to resources in those systems.
This standard does not require the use of passwords in a computer
system, but establishes an automatic password generation algorithm
for use in systems where an agency's computer security policy
requires computer generated pronounceable passwords. It should be
used in conjunction with FIPS PUB 112, Password Usage Standard,
which specifies basic security criteria for the design,
implementation, and use of passwords.
9. Export Control. The Bureau of Export Administration, U.S.
Department of Commerce, is responsible for administering export
controls on cryptographic products used for authentication and
access control, which categories would include implementations of
the Automated Password Generator. Vendors should contact the
following for a product classification:
Bureau of Export Administration
U.S. Department of Commerce
P.O. Box 273
Washington, DC 20044
Telephone: (202) 482-0708
Following this determination, the vendor will be informed whether
an export license is required and will be provided further
information as appropriate.
10. Specifications. Federal Information Processing Standard
(FIPS)
181, Automated Password Generator (affixed);
11. Qualifications. The Automated Password Generator uses the
Electronic Codebook (ECB) mode of the Data Encryption Standard
(DES), Federal Information Processing Standard 46-1 (FIPS PUB 46-
1), as the random number generator. This mode of operation is
specified in FIPS 81, DES Modes of Operation.
The protection provided by the DES algorithm against potential
threats has been reviewed every 5 years since its adoption in 1977
and has been reaffirmed during each of those reviews. The DES, and
the possible threats reducing the security provided by the use of
DES, will undergo continual review by NIST and other cognizant
Federal organizations. The new technology available at review time
will be evaluated to determine its impact on the DES. In addition,
the awareness of any breakthrough in technology or any mathematical
weakness of the algorithm will cause NIST to reevaluate the DES and
provide necessary revisions.
12. Implementation Schedule. This Standard becomes effective
March 25, 1994.
13. Waivers. Under certain exceptional circumstances, the heads
of
Federal departments and agencies may approve waivers to Federal
Information Processing Standards (FIPS). The head of such agency
may redelegate such authority only to a senior official designated
pursuant to section 3506(b) of Title 44, U.S. Code. Waivers shall
be granted only when compliance with a standard would:
- a. adversely affect the accomplishment of the mission of an
operator of a Federal computer system, or
- b. cause a major adverse financial impact on the operator
which is not offset by Government-wide savings.
Agency heads may act upon a written waiver request containing the
information detailed above. Agency heads may also act without a
written waiver request when they determine that conditions for
meeting the standard cannot be met. Agency heads may approve
waivers only by a written decision which explains the basis on
which the agency head made the required finding(s). A copy of each
such decision, with procurement sensitive or classified portions
clearly identified, shall be sent to: National Institute of
Standards and Technology; ATTN: FIPS Waiver Decisions; Technology
Building, Room B-154; Gaithersburg, MD 20899.
In addition, notice of each waiver granted and each delegation of
authority to approve waivers shall be sent promptly to the
Committee on Government Operations of the House of Representatives
and the Committee on Government Affairs of the Senate and shall be
published promptly in the Federal Register.
When the determination on a waiver applies to the procurement of
equipment and/or services, a notice of the waiver determination
must be published in the Commerce Business Daily as a part of the
notice of solicitation for offers of an acquisition or, if the
waiver determination is made after that notice is published, by
amendment to such notice.
A copy of the waiver, any supporting documents, the document
approving the waiver, and any supporting and accompanying
documents, with such deletions as the agency is authorized and
decides to make under 5 U.S.C Sec. 552(b), shall be part of the
procurement documentation and retained by the agency.
14. Where to Obtain Copies. Copies of this publication are
available for sale by the National Technical Information Service,
U.S. Department of Commerce, Springfield, VA 22161. When ordering,
refer to Federal Information Processing Standards Publication 181
(FIPSPUB181), and identify the title. When microfiche is desired,
this should be specified. Payment may be made by check, money
order, credit card, or deposit account.
FIPS PUB 181
Federal Information
Processing Standards Publication 181
1993 October 5
Announcing the Standard for
Automated Password Generator (APG)
Contents
1.0 INTRODUCTION
2.0 TECHNICAL EXPLANATION
- 2.1 Unit Table
- 2.2 Digram Table
- 2.3 Random Number Generator Subroutine
- 2.4 Random Word Algorithm
- 2.5 NIST Implementation
Appendix A
1.0 INTRODUCTION
The Automated Password Generator standard is derived from a C-code
version of the program described in "A Random Word Generator For
Pronounceable Passwords," National Technical Information Service
(NTIS) AD A 017676. The original program used Unix system
functions to produce the random numbers needed by the password
generator. These functions were replaced with a DES-based random
number subroutine that uses DES in the Electronic Code Book (ECB)
mode. As input, DES uses the old password or user supplied
character string, and a pseudorandom key created in accordance with
the procedure described in Appendix C of ANSI X9.17. Any change to
either the key or input data string causes DES to generate an
entirely different random number. Every time this occurs the
password generator creates a new random password.
2.0 TECHNICAL EXPLANATION
The Automated Password Generator standard is organized as a main
procedure that references three major components: (1) the "unit
table"; (2) the "digram table"; and (3) the "random number
subroutine." The random password generator works by forming
pronounceable syllables and concatenating them to form a word.
Rules of pronounceability are stored in a table for every unit and
every pair of units (digram). The rules are used to determine
whether a given unit is legal or illegal, based on its position
within the syllable and adjacent units. Most rules and checks are
syllable oriented and do not depend on anything outside the current
syllable. The main procedure (algorithm) defines the internal
rules used to generate random words. The three components and the
algorithm are described below.
Appendix A is the code for the NIST implementation of the Automated
Password Generator standard. This code consists of the C-code
version of the program described in "A Random Word Generator For
Pronounceable Passwords," the code that comprises the DES random
number subroutine, the actual DES subroutine, and the code for
generating the pseudorandom key. Implementations in other
programming languages are acceptable, however, the results obtained
must be logically equivalent to those produced by this standard.
In the NIST implementation of the password generator, the values
selected for the two DES keys and the seed for the random number
generator are readable in the code (Appendix A). In an actual
vendor or user developed implementation the values of the keys and
the seed would be secret, randomly generated values set by the
application.
2.1 Unit Table
The unit table defines the units (alphabetic characters) and
specifies rules pertaining to the individual units used in a
randomly generated word. For example, the location of vowels in
the words generated is determined by these rules. The unit table
used in the Automated Password Generator standard is identical to
that furnished in the report "A Random Word Generator For
Pronounceable Passwords" (item i in Cross Index).
2.2 Digram Table
The digram table specifies rules about all possible pairs of units
and the juxtaposition of units. The table contains one entry for
every pair of units (digram), whether that pair is allowed or not.
The random word generator ensures that the rules specified in the
digram table are satisfied for every two consecutive units in the
word being formed. The digram table is also from the original
report.
2.3 Random Number Generator Subroutine
The random number generator uses a DES subroutine to produce double
precision floating point values between 0 and (excluding) 1. These
numbers are multiplied by a program variable n which is an integer
value. This operation yields a random integer between 0 and (n-1)
inclusive. The random numbers created by the DES routine serve as
input to the random word generator. The subroutine to generate
these numbers is called by the word generator each time a character
(unit) is needed.
Not all characters generated will be acceptable to the word
generator in every position of the word. Each character is checked
for appropriateness using the rules defined by the unit and digram
tables. Therefore the random number generator subroutine will be
repeatedly called until an acceptable character is returned. An
upper limit of 100 calls is placed on generating any particular
character. If that number is reached the whole word is discarded
and the program starts over.
The actual distribution of legal units is different for every
position in a particular word which, for any unit, depends on the
units that precede it as well as the units and digram tables. The
random number subroutine itself makes no tests for legal units.
As its input DES accepts two 64 bit data blocks. One consists of
the old password or a data string; the other is a 64 bit (56 bits
+ 8 parity bits) pseudorandom key derived using the procedure
described in Appendix C of ANSI X9.17. The old password is entered
manually from the keyboard. An input array is created from the
first eight bytes of the password or input string. The program
will accept a null string (carriage return). All characters past
the eighth are disregarded. If the input block is less than eight
characters long the extra elements in the input array are filled
with ASCII 0. The Electronic Codebook (ECB) mode of DES described
in FIPS 81 ("DES Modes of Operation," December 2, 1980) is then
used to encrypt the input data. The output is a 64-bit random
number which is the encrypted form of the input.
The first function in the DES structure is setkey(), which converts
the pseudorandom key to a format used by DES for the encryption.
The command-line options sent to setkey are (0, 0, key). The first
0 is set so that setkey() does not generate parity; the second 0
tells setkey() that encryption (rather than decryption) is
required. Key is a pointer to the beginning of the key array.
After setkey(), the des() function is called. For input it uses
the addresses of the input and output arrays. Both input and
output are defined as unsigned character arrays of length 8 bytes.
The output array, out, is sent to a function, answer(), which
returns the final required number. The function answer() takes in
the address of the output array as an unsigned char pointer and the
integer n for which a value of 0 to (n-1) is needed by the random
word program. This function creates a variable sum, defined as an
unsigned integer. To obtain a numerical value from the output
character array, it adds the ASCII values of the first three
elements in the out array and stores the sum in the variable sum.
Thus, sum = out[0] + out[1] + out[2], which is an integer. To
obtain a number with the required range of 0 to n-1 from sum, the
function takes the modulus of sum and n, (sum%n). This value is
then returned to the calling function within the random word
program.
2.4 Random Word Algorithm
The algorithm used to generate random words is fixed and cannot be
modified without changing the logic of the program. The function
of the algorithm is to determine whether a given unit, generated by
the random unit subroutine, can be appended to the end of the
partial word formed so far. Rules of pronounceability are stored
in the unit and digram tables discussed above. The rules are used
to check if a given unit is legal or illegal. If illegal, the unit
is discarded and the random unit subroutine is called again. Once
a unit is accepted, various state variables are updated and a unit
for the next position in the word is tried. Most rules and checks
are syllable oriented and do not depend on anything outside the
current syllables. When the end of the word is reached, additional
checks are made before the algorithm terminates.
Passwords created by this automated password generator are composed
of the 26 characters of the English alphabet. Although numbers and
special characters are not permitted, the password space, which is
a function of the number of characters in the password, is very
large. Approximately 18 million 6-character, 5.7 billion 8-
character, and 1.6 trillion 10-character passwords can be created
by the program. Users should select a password space commensurate
with the level of security required for the information being
protected.
The password algorithm does not preclude the generation of words
found in a standard English dictionary. If required, a
computerized dictionary could be used to check for English words,
and the implementation could include software tests to prevent them
from being offered to users as passwords.
2.5 NIST Implementation
Figure 1 is a block diagram of the NIST implementation of the
automated password generation algorithm. Appendix A contains the
C-code for the DES, random key generation, and random word
generation routines that were used in the implementation (see
shaded boxes in Fig. 1). The personal computer used by NIST to
demonstrate the standard is implementation dependent. NIST
replaced the Unix random number routine in the original version of
the program with the "DES Randomizer" and "Generate Random Key"
function. The DES randomizer accepts an old password and a
pseudorandom key created in accordance with Appendix C of ANSI
X9.17 ( FIPSPUB 171) and generates a random number. This number is
used by the Random Word Generator to develop a password. As the
password is being generated each group of letters is subjected to
tests of grammar and semantics to determine if an acceptable word
has been created. If all tests are passed, the new password is
output to the PC.
In the NIST implementation, the values for minlen and maxlen, which
define the minimun and maximum size of the password, were set at 5
and 8 respectively. A user needing a fixed length password word
could set these variables to a specific value.

Figure 1
Appendix A
This section contained a listing of the source code referenced in the
Automated Password Generator Standard. This section is not available
in electronic form.
Complete copies of FIPS 181, including this appendix, may be
purchased
in hardcopy from the National Technical Information Service (NTIS) via
mail or telephone.
National Technical Information Service
U.S. Department of Commerce
5285 Port Royal Road
Springfield, VA 22161
(703) 487-4650
Order by FIPSPUB181
Price: $22.50
(Same address and phone number for discount prices on quantity
orders.)
The Foreword, Abstract, and Key Words follow:
FIPS PUB 181
FEDERAL INFORMATION
PROCESSING STANDARDS PUBLICATION
1993 October 5
U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and
Technology
Automated Password Generator (APG)
U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown,
Secretary
National Institute of Standards and Technology, Arati Prabhakar,
Director
Foreword
The Federal Information Processing Standards Publication Series
of the National Institute of Standards and Technology (NIST) is the official
publication relating to standards and guidelines adopted and promulgated
under the provisions of Section 111(d) of the Federal Property and
Administrative Services Act of 1949 as amended by the Computer Security
Act
of 1987, Public Law 100-235. These mandates have given the Secretary of
Commerce and NIST important responsibilities for improving the utilization
and management of computers and related telecommunications systems in the
Federal Government. The NIST, through its Computer Systems Laboratory,
provides leadership, technical guidance, and coordination of Government
efforts in the development of standards and guidelines in these areas.
Comments concerning Federal Information Processing Standards
Publications are welcomed and should be addressed to the Director,
Computer Systems Laboratory, National Institute of Standards and
Technology, Gaithersburg, MD 20899.
James H. Burrows, Director
Computer Systems Laboratory
Abstract
This publication specifies a standard to be used by Federal organizations
that require computer generated pronounceable passwords to authenticate
the personal identity of an automated data processing (ADP) system user,
and to authorize access to system resources. The standard describes an
automated password generation algorithm that randomly creates simple
pronounceable syllables as passwords. The password generator accepts input
from a random number generator based on the Data Encryption Standard
(DES) cryptographic algorithm defined in Federal Information Processing
Standard 46-1 (FIPS PUB 46-1)
Key words:access control; Data Encryption Standard (DES); Federal
Information Processing Standard (FIPS); identification; passwords;
security.
Return to the FIPS
Home Page
------------fuoQb2kb5IV8FKnbT51jdA
Content-Disposition: inline; filename=fip181.gif
Content-Type: image/gif; name=fip181.gif
Content-Location: http://www.itl.nist.gov/fipspubs/fip181.gif
Content-Transfer-Encoding: Base64
R0lGODlhKQKGAfcAAAAAAL8AAAC/AL+/AAAAv78AvwC/v8DAwMDcwKTI8AAAAAAA
MwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBmmQBmzABm
/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/MwD/ZgD/
mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNm
MzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM
/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbM
M2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//8DAwAAAfwB/AAB/f38/AAAf
PwA/Xw8PDx8fHx9ff9+ff9/f3+/v7/+/n//fv3+//38AAH8Af39/AH9/f5kAAJkA
M5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm
/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/
mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxm
M8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM
/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/M
M//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP/////78KCgpICAgP8AAAD/AP//
AAAA//8A/wD//////ywAAAAAKQKGAQcI/AD/CRxIsKDBgwgTKlzIsKHDhxAjSpxI
saLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fP
n0CDCh1KtKjRo0iTKl3KtKnTp1CjSp1KtarVq1izat3KtavXr2DDih1LtqzZs2jT
ql3Ltq3bt3Djyp1Lt67du3jz6t3Lt6/fv4ADCx5MuLBBBYgTK17MuLHjx5AjS548
2bDlyywV1NvMubPnz6BDix5NurRp0gowq149UvPp17Bjy569OTXr27gzuqbNu7fv
07ZzCx/+cPfv48h/ByfOvHlB48mjSwfuvHp16NOza++83Lp33PvYt4uX3v27eczh
x6tXfr696vSmAcjfDGD95/rTy7vfDxj+6Pn0AWgfZ/iRx9+BgvknmoD0DUhggdHp
h+CEdykIGoOhyTefhvVgqGF9HAL44YMcdlgibxJSqKJcFt4H4YX4bSjjgwGaCKKJ
NeaI4460pfgSAAd9KJCGQ35IZEFCEpTkQEsyGaSR8jEJJZD/TJmQlQZRiWSUWlbJ
ZZFcCnmkkmNKCaWZTSJ0pJZTsrlmlF6eCaaRamaJJZlwopkmVi16hqGLNYpYoKA8
dnaigISieFOeWyrppJdDkimpmVt2WWSQl1Y5aaSZQqqmm42Gmieco7rJZqidplqq
lPtXmrqpppRyquqrjKbKKam0dslorVf1aSiEIwY4YqI2hvjijDpC2ZuPLZXJ6qOv
PjvrqJ7i2eqTn0Yrba3OUtuprqDKqqqlu4Zrq7Ti8uokruiiWm2sdmKLbrlc+frr
vTTii+ixwMY46L/IMbsSkOruGq+731ZLMLnvIpwpueBmOy3ElsYpr8La0rttxAdf
C6uj7D7cccMLS5yxuQ0XlVhxszHo8qA77ktgocRuyOOLsQmsEpW8Guxwz6eyy+25
RNOZq8k+cwt0xUSWDPHId75bcMWV9nwpuM7GuSfPVAPdcdRHMcaQvX4G+6uMaJMI
4onFyiwszjnbxDXUI/uf6+2XJBOdsqdPt6snwylnLTjBkPZ9tNd+7z0p0/DyHa+6
sE5dt8IlN+VYQmQ7qDl3NYHt88lfXz2u0Q4rrvHkc47J9akWS+r0zxwrra3UqlMt
a5mQ8820nKCjSqrtRkF22ObEx00Tx/Oifnrkq0K7t+QXm2478uai/G3XyF9/dPTL
I7n9xUP7Df24iVtE2fnooz9Q5sU7qPNJu9OqfPbVs967u/V77L2ocz8cf9HZo93G
9CdA5wFuVvOyX7vGV0C9USR9EIzgY/7BvvbZ530lSRLptLY7yKVpTWjSWurwRDGj
gY2EVRvhwnTVOt8Bb2u1W+Ge7IS7O+Hub/ulyqEIORjCJylNh7rBIEgi8xwLGlE0
QlyREkuCmJdc7iAVPKJ4krjEKg6RihwRm0KiKEXtYNGKYNRIEzOzsoZwsYv5CaMa
UzLGlSTxjGiM0BrnyMQvujGOXbQjHfc4Nj2ysWzK8g3bfhMsI/nGjzPRYA5dZaoN
9vCDbyIdDHkHyd9RMpKpy9rHSKjIpZUQTHZpI0+w8zJCwq03LgvYUlTnwoQ5jns/
3FTz6Na4FkrNWrcTWen6Z73lsTKUiDwJKftlSukgKjnBlEnlDOet2cmPWqebZeki
Bc0AgoxnqAOlyRZIv1fWRZQ7GSa+ikWiQrXtbP5am40WpE4YpfxtkJxJZkyW6cIX
Am9i66Ke9Z7FuGouLkveLF/lokc+3wV0LuDUyTANmaN9tTNmAINoO//0tgz5K2ZI
XKXocjW9e95SaPoU6NZeWS7BbdSZ/Ztc9zBWuArJkyTipOg6GxpRtyWKWGUzJ00x
GpqX/qiWscxm8lpKuyZ5EJv7w5vGGKdNlOoNcXaznybhktCciNOcyIJovmx6Ua3C
SEdqE9Qpa6PRprpycAtJGuEaiL/yMe+tbnXVLnl3v8BJNXduqSpOrnqzrnr1rzft
qkzdlq+zjcanLglgM6G6zdUlsLFxbepKDfi//QGwbr505lv0ehO+epWrW62pYP2a
08L73mxmhy2r8ygX1bSyUHsiHaABZYtAcW3SbiqtbEFt61G2cNYm0DFbiZQ1LIce
arjGWhvOCilcto2VrEm54SNtOadWWfJ2kezgktoUq0ZmEoi8raElS4o17VbKUcD8
CRzxGB/U8PG9HfltTdbLXos+F7rwze9F5EsT+tbXRfetB2L1u0b+zsS//53NgAkc
RgPLBMEJNh6DJ1ycBX8EwhF+jYUprEQHxwTDGTbNhjmsIg/DBMQhdi+JV4wQEzsx
xZobMYsP5GKXSPDGOM4xBGfM4/XJmCk17rGQRRLkrhR5yEjO4o+XcuQkO3m/S1ZK
k59MZYlMOStXrrKW+0j71ShvOclZ7pWXvzzkMFvFzGROMwXHHDY2q5nFaKZKnN+s
5TlLZcoHRKEtm9ZDPe3QkdXlJF7p3OVCV8Rw501XSp8Xu32ODoSEdqmhJxJU74WM
pU9FKmxpeaveRlotdo7KkRlWsIBqMnd42/Q0P+bpT6Ml1FApcvisRtRaKo660nSq
W10Najer7IuzZip1cX1P2WW6Trvm9at9TRRZl7dbjXNsZH+I6q6tWtnLnnREPpe3
obLV0h0l4GoHje2ywPopzl7tLdHrv9nluobuvna5zc3soYw60Cbk9gr1HEI6oZWD
r2X3vH1bb6GMutVGIffAxXJupzQZ4UWB+ML7vdJwy/lR4kHB+MTrVfCgVHzj+f04
kzsO8iWKXMokL/mKTp4Ulqu8wCn3ictf3uCY92TmNLcizn+d80jvvNk277l7fm7v
oAv9PEQ3uNGP/p2kjzI4bXQ605u+9PnaZoxSn7p3sq7QCWqdyly3qte/7uSwi12L
ZC971a2O9rQj2ex7bYzb1Z7Xxcyd7m1p+917DPe4K2bvb187cMsIeCH33e+CL/xl
Dt9Zwit+xoxv/OMNn3irT57vle9v5i+foMrr+POgD33kOX9nz8PYfYMRvepX/3nh
jJ6Cpx/Q5lUWewvOXtSmr716bm9v3ReP9+jOve+3A3yPD39zxbf8+CiPT/zUMx/1
uXk9ipmffPU+X/auF/71ken87e8++8tXz5QAydB1Bvg4PuXuRaYaTvKbjTfwhH9y
00abQVZ/5OEXf0RNO9r1IHay26ZxJwYoplV/5/caDoVa8ucZ94dy+TcepVSAyeJ/
HgGAEKFwwEWAYGWAxrR/B8hODAh+7bceEdhQhoV9HRFNMUQyRoVJYSKAG+FZxlVO
HvJ+zKVO8ZcsMINOwtJX9ieCCmUfJXhOJ0iBKXhJ1zNQv8NPjrWELbFQzaWDD1Uz
ozVRpxQiOMIvNHUjf4VftyF9QkhMWwVgF1SBA5VousOEapiGt8ZEgDJYoLVTchhY
IIiD/KWFU10oYEBoVWE4TjrVIT34fUdoK2GyhmzIhk6IgUNEgDXYVzr4iJ9FWjll
h/oiiXjYgC2nfeIxhBS1f1NkhrLVPKIYLom4aCrBV3EIWH5Fh3lYWjrFiqEVgtGn
idtBWGDVf4LIEUuVUk54iKXYbk+ogZEYi3I4jK04Tn8Ci8XohawBhvpXfm9TSDOV
ixqxXeP1gvuWSY/UNC8YjDwYiMSVXGH1L2KlXNOogZ2IXDX4fpiIFM7ofaqUIPA4
Hu3YZg84j8vCIg42ffhYj8FDi/ioYPr4d1sUkF60h3tlkIeEUHIHRQqZRrN4jw8J
G/7IRmMnEPw4jxUJdBI5kfzAwXogGZIhiZEeyX0ROYIlSZEiuZIsGXopiX4t2Xq4
15EvmVEMeZEZCY8xKZOxBpA12VN08URFhBzDRTwfKBuet5HP4ZM/+RlKWUcE2WLH
kYCbc5QSJnalR5PjKFOwkYNdaZUiNpA6s14eUpVgqWFPl5UoCYISKBtciYBnqWJU
BRFw9JYVZSzkZ37pRI7l2IN26ZRpOZNraVF+yIH19X+YtH6K+GDF9B8XhZc7hYVU
SIxYSJGB2ZNayX98SYP84lzqmIVUGUjkBJmAaYYKZBGL+WGNyZbIAlrp6IG4iJSX
GXyZGY2pSJqTKVGq2CCOCJpcWJopeFCHBoOZsZr85GSbqlhckwiby2iZ4fSUPlab
oGlfxLibxmiLvZlVQFmB3sSNTZiNI4RC3GhjUymGG5ibmgmJxiibz6mWQUgaeJhV
uRmHsMiJhmSXAzY3jUYpvdif+plqd2ScJWiFhfVQu0mgfxiW7SmY7+mYBbqKEAqJ
rEhYnumK2xmcZuWfwOiL/6maRPl+dymOIfoyUVhRx3mVceeefAifYjifokWZsWlT
E4ifHyFXG/qLN+pvxBmDTakoC4qZgwlg5IicxcWXMzia7zR/MwiisoihBTWKsPVu
OypGPdojs+lwTFmlzFiNlsWhObppZ+iNWuqcXaeiCTmmF7oR0vU3IuSd/NREbTtE
nmiKlj9Km0E6p3ooj3iqoGXKoCu6p/HUfYCaWnWKpdLZo9B5YIMql1jpp2e6qInK
mItqk30KpA06qJHqoZMKGklppp21qZk6gJvKqVeqfHc6p6H6YqMKnI1qqX+KqYK6
qoFaqKbadTt5qzkWq7Kap5Vqp6T3hLgarKIneRgJdRv5er9qHlh3dUqJrMm6dRfp
gM/6acJTq9NKaEIJZKkaRNc6FtmKf3m3rd3aR3onrQQ3rgxnd77aa86KrkSmroZK
cO3qrlcUldaaFvZKr1uRr9oqr46nr1j2r/0qN91SaR5RrgB7ZgILrolEP7oVX/Ca
sAHrqT/isPxCBWUIK7FTMa9WZnNQtUhT2mINqbFiRrHNUlk4erAjS7I657Eoy0sh
exjRyrIr57JfA7MX1kQ6y7E0WxE8W2GdY7GHqGTFWrQ9u7ELm4lBuz29GIMEIUri
KrGIURtP2XeVtDrsx61Hi7TG8bML4bWnGLUamxhOCbZQJLY+i7YAO7U9ZbZLWXdb
25Ol4bbRGa5xi6UfqbQ1SlfzpIh0e7dPay90C2u5BhN+q7bjyrYqaY8gUbgVC7SA
644VZLaES4oFe43dSF6gBLKQG7lAx0VgW7msoqGagitCszhNuKFc5rlFB0deW7mV
BC+1YzH7yYIOJLOsq3TIxLOi+zj8WNNd+1a7xna4uQsUihswHNu7qIuGb0KIOLu8
DvG3NHu8EXJ7ymuI+gmMw2uKTfu1iHt51Esesxdqk5RdgTa0+Ha5WRu4xft0u7d5
0gtT36t44etFmRe/MZir7WuROckdnRoWILm/8tu/DJh4+PtAi6EcGSvAUNY+kXfA
dKkY9suvDIzARsR4EGxGEvy+SVvB0UvAqNF3GYw5GxxjFOzBWwTCImZ0IyyzZGt7
J4zCS8leZtfCPla/MGzDrobDRxR2NlzCNNzBFczDUsR1IwzECRbD7fvCEZZ1GczE
MCbErAvFTUxyB0zFsSfFd0vEh9lx+IvFtafFR8vF/5V0/PELxronxixLxkn8c3+L
xNSnxgnLxlXsa4NLx1QrrHgsYDoMeSo8RW7mtmjctno8yJzaxyS2xyE2c5S7x4ZM
j46MyAz2yL7ncqGryIqcH2Qjx89KycPHcq+byX98yEgpyVNhjTH7nB55cqGsYAXc
kv6rYPPLFOGDtCkpcj+bybXhvzsZT5M7y6t0mnL7kh/Hu7osYL7syT2ywcfMx2BU
iCl0vsY7yhcsY8nbzLuhzIfEtthsylIBoO12aTJHzT18bte8LL58QdwMusCsFNDT
jbpbf0LomMuFnxY2r828y1Qre66Rz85cRVPTSdMcRX9JlCz6VSF8Rerluumszvz7
vM0AjT0+NM5c5JXJYZfpuMI5O87o19D+18/r5c1PMT5rlZpkJEh/2FxLWn736ZkV
qjZlq7IcrRwe/b4PDdErMkOdlMrvSkjnSaB06KISypw6FWfI6s/xVNOQfNM4/XhI
DYhYpYWVaJ3lVIyp6L9Eq8oBo9SAzNRNDXhPPX4FuI6QSaFTGKHIecj5675b7dVd
zce7S7/0ZZ5RbaHWKdTqeVjJNHpPndRundYmqmEgXb1gPdfoGCMmeFqTiVzVSaF6
jUgPDGHZnB70eZTrvCzHK9LOoc0sWo5DWtUmCo0SVZTHdaQJbT6C19d+DdcIPZ3L
/Ndzm8C+7Hac3T78Be0+eoTBGDbZhBkoccnakcwYMf11qq1/QZy2YpcfXP2It03K
rB3CjqHWWlfcEGjRv/dFh0fd+vzc7ieJKgnbeVzI4j3e5F3eEbSrOYNF2Q1ivN3a
bfmRsG3e8j3f9D3f6M2eEbHe2dHewlidKwzeyRzd0n102j2mQSbCKMbfdg3T383d
0C3bAy50BY6o2L10E67gS+3gKwzHVDvdE07MdgR3H47hb93NOKzZs0jOz8fJuGt1
xLfc9gvgwNG2ZPfhCnllIj59JE58g22/aWfj/RhMNcyPOx7jGk7YNa7iWbzXQWfj
Rb7fPe7jP07QotlF1h3ba615UwTjUC7j/F9N3FT+3rb92/8sRk1O5FwuvlEO5XdX
23ktRc093Fl+YGiexx+95pq8d27OVWRtm+ZIounkg3GO1RDr4i9u55B82TxeeIos
M/OJUSLCm3NoM8cI3Rut5YfOx7ea5gos118JoqUN2u801XWdoEh0z2e+5QEOy17+
5XOHxxlNolU96jB6h5a9YT6ckUre6pjt1H2SjJYYmsHenHio161hc0AO5LENyZPH
xsA+gVk46bb+0xt46vKL6TxuwsnM7M1OxEwaSDf4onl5ooBt7ddO5xws3u/LeW6e
xkuW63euxx/9q8oOw8KE7EquevZO77s+wSgB7w6s79fdyf0uvvxhi+3It+rwnc0B
P631rs5uhO/pLtzh3SdADBncTvDbt3MAn+mv3LXp45RIBMjd2u5o5MYS7/G8DJIj
L+XXavLlbGOp7kU9pfLc4fKJW/Dp7UQzr9yEHJItb/D0+vDIe2I9HyFlnOf6SvSY
bcVHj7z1zeG9vrY6b+4f9vQwGfUwT+NzXPVyfvWGXr3pTRkaFt5HPvVd7/Udrnlh
v7tjPxllr+lSjyLtbHJMj+WW1/YwmTMr3xixvc4QDpM9e/dWz/Z6r8D2LfdIPr39
vt6DJ758f+qaMfmSgcxlu/iMH/Brh+BiT5Ez/vkFHNdxS/ia3qvovrtar9oorl93
L337VZfPqU/2suy5W7+4pfpgoIvMilv5kSH3fu/7ZNv7k7/MU6zszqrfPbLLuFrx
we/X/Wz57LP6FObk47v5kwv8vZxjlm/7xXvh1mv9roz9MSn+lN/725+3+6vd19x1
SMn82R/dGM/N3J/+/sXiYJ/cnk/+4y9BwC3YHvzUAKFA4D+CBQ0eRJhQ4UKGDf8N
dBhR4kSDAutdxJhRYz0FFwV+BBlS5EiSJT9y3IjS5EmUKTdCpBhT5kyaNW3exJlT
586cLF3+xAiT59CFQon27Ag0Y9KVTZ025UgyKtSWSo0exZpV61auXb0e9Kn0pYKv
R6+WlWhRbMuOYZ++VSv7cqpcqEzFnkWbV+9evn1rql0blKzfm3gJg00KNHFgxo0d
B1489vBkypUtcwW81vDlooM5V4ycEu5o0qVXKvb8WfVq1qwzo24dcXPl12NN38YN
9+fs2L19/85aW/JXAMUBEDSOtLfwx82dP2/MG/h06tVjMp+aNzlyndInY4ceXvxz
79bNn0f/sPZHvceLc1fuG/x4+vV3p06fX396t/jLuj/unwALMm7AtPxzLTT7FmTQ
IwT3gzDC3+J60KsA3zPwPQENdKi87+ZrMMTm2JOwRBOXI5GvAbdD7kIOG/LwQwVF
pPGxGE/EMcevbiRqRQ1bBHIiHgkDsUYjXRr7Ukcll9wpSZ4yhDLIA6sr8kgro2Iy
Sy13rPC/g6LckCIn+wrrSjOXGnNLNddMKE2cWBTwSzhl6zLBGc80MkU29+RzJjdV
+3OvMvHMM9A+D1XS0MsUzWtQQkPUE1FJJ0XsREYbrfJR8i6ltNP8OP3w00w1ZSxS
T089FNTDVEXLUVKdMxVVWdlk1a9ay3L11ehunbXX1ngVtE7qRtVVI2B9RfazYzGV
EKRiIYs1WWl1XLZVYal09lkkQZq22yyrxfVa87LV1kFwvUWXr3O9WjdcYmnkNl15
qRUX2yXJfTTeefe1tN5h/eUvpCtF4rfgfg/WUi4RRzK44RLbxQz84AgFro9ghy9u
VuIJNZ4YX1j1xTjk/SDeimTacgNZZJVFRVhSlFeGeWSOUYy5ZptpNtHkm3fmGbSW
ewY6aGt/Frpoo82aOTadj2ba4KWRbjpqqWl6mqiqp8Ya2at52jprr0/turukvyY7
5rDjY6jAN3/s6kWEwCw7blvHTjAitm26eyu3vzQob7n/5pJohfyeifCjDJcScMWD
FTwhDZPDkO0CJfcxcgA3fFFtyCu3nHMAOW/x8sVH/4vu1aT7cfPEH/cxSMvDhN31
z2NnXUrKZQ89dtJ3nzLna1N3cfXgcQ+zdt1rN153zAkE0/jkeYeeobNxQr112G+n
3UXN+4enfHvbWwe+b+7Hj778zhp/2/rnk3/++uETd5954o8nP37z7/fZd7vVf99+
/0Vf34r+N7vsxcl+ztsb/ng3vcIIa3uvY9HkmMe6zi0PTg8koPvUJjsKai+DCiwf
A23CKcSB0IToEWHpsFLCE7bwX+i7yQZdOMPzpJBqpqNhDjMGQx32cEs29BMOfTjE
cQmRM0AkYhK5ZsRFMVGJT6yb/qA4RRwh8ToSmxwLn6RFx1HRh1YUk8bCR5wENqSM
XlQgGIUkRrhxhYtyQqMO1di7mGAvdJ+b0wOVJ8EJzg54c4ojCOdIp8LBDXnvO6To
Bggk1cEvkCYcZIfYKD75+xUPkcFj3yUZqclHujCSMJpkJTHXyD+Skn99jNz3OulJ
J56skJSEXybhWEBaVnKMq4RkKynDo1vSbpHckWUtAQg+XApSl6GqYxbT10EOYXB5
dyzlKJ+pvGKG8JiruqYoq7lNmXxSetl0JDfFCUoe6kSG40Tn+aSYTnaSCZzubGc8
GbdOedazK95Upz31qRV8KqSf+zRmOQE60CAKlKAHpeMOEbpQFdKToQ9NaMcgOtGI
QuifFF3cRSuFUY626Z3q+mhHH6nR/InUpCQtCEpN6jWVqmelJw2pXlA2U5rW1KY3
xWlOdbpTnvbUpz8FqsUeFlSiFtWoR0VqUpW6MVSm9vSlT4VqVKU6VapW1apXxWpW
tbpVrnbVq18Fa1jFOlayltWsZ0VrWtW6VraaJyAAIf7lVGhpcyBmaWxlIHdhcyBj
cmVhdGVkIGJ5ICAgIA0NR3JhcGhpYyBXb3Jrc2hvcCBmb3IgV2luZG93cyAxLjF1
DQ1mcm9tIEFsY2hlbXkgTWluZHdvcmtzIEluYy4NUC5PLiBCb3ggNTAwDUJlZXRv
biwgT250YXJpbw1MMEcgMUEwIENBTkFEQQ0NVGhpcyBpbWFnZSBtYXkgaGF2ZSBi
ZWVuIGNyZWF0ZWQgYnkNYSBwYXJ0eSBvdGhlciB0aGFuIEFsY2hlbXkgTWluZHdv
cmtzIEluYy4NDVVzZSBubyBob29rcwA7
------------fuoQb2kb5IV8FKnbT51jdA--