BSides Glasgow 2018 - Nigel Pentland - Cracking Mainframe Passwords

my name is Nigel Pentland I have an association with mainframes and passwords from going back Who am I i authored an article many years ago I was 2003 describing how a rocket handles passwords which is to do with mean flames I got an acknowledgment as a reviewer of the book which I think why not somebody did actually mention that book to me earlier today I don't know if they realize there was a reviewer or that I was great in a sheet when I was asked to review that before it was published and I'm also the developer of a utility for brackish snow which probably most people never heard of but you might understand a bit more about it by the end of this

talk and write define mainframe in this context basically I'm talking about an IBM mainframe which depending on whether you're American or not Americans tend to call it system Z ecosystems they'd sit back they have various other systems by later so that your es 400 now became system I I think I'm excited but in this context what I'm talking about systems aid and in particular running z-waves 8 operating system and as part of that it has a thing called rocky F which is the resource access control facility which is basically the part of the subsystem that handles security now I'm guessing most people in this room don't know too much of it mainframes right the pivot as

simply as I can we're Windows and UNIX have most of the security embedded in the file system rocky doesn't rock f is a standalone database which is basically a database of security rules and that determines what's allowed and what's not allowed so it's a very crucial part of the whole operating environment especially from a security point of view define password in this context in this context password is an eight character or up to eight characters mainframes passwords we're up to eight characters no more and typically these days analysts depending it can be uppercase alpha numeric and what they call three national characters that's you're a fool character set for passwords in default oak box bracket they do have a thing

called passphrases which was introduced in more recent years that's a completely separate thing and I'm not being near that I'm not going to talk about pass phrases its face to see there was a survey done back in 2013 and 80% of mean frames that were in that sort of a when using or planning to use pass phrases so I'll park that one for me the are starting to become more popular people are looking to implement them but the uptake is slow so for the moment I'm just going to concentrate on passwords and just to sort of trying a little bit more of a framework round what I've just described you've got Rock Air Force Istanbul and

database but then Z dos PSO is time trading option which is your kind of stereotypical menu interface logo and environment in UNIX you log on shale and mainframe you log on each year so there's also thing called UNIX system services TSO think of it as native mainframe the UNIX system Services is basically a unique subsystem which is completely POSIX compliant so if you consider user and how user would access a system a user typed entity a so they get a log on screen presented from the TSO subsystem TSO then as he trusted tasks was off and speaks to rack F and says I've got this user ID who's presented me this password do I let them

on yes or no ROC F gives a an answer back and the user either gets signed on or they get a some type violation screen saying go away you're not getting them likewise if we consider it from a UNIX system services somebody's trying to log on to what looks like a UNIX prompt on a mainframe same business the UNIX system services task was off to rakia Frank F comes back says there you go so all that's telling is part for anything else is racket is not only the repository of all the security rules for authorization it's also the repository for all the user ID information for authentication so your user IDs and passwords are all

stored in a cave just means one nice repository that you can ruin fill your boots with Frank if password timeline this is looking at the significant events in rack if relating to passwords there's lots of other significant stuff like if there's other things that it looks after certificates it does all sorts of rules except on doing here is considering what other significant milestones in relation to passwords since rack F was created it was first in 1976 and it used the password hashing algorithm that used was a thing called password masking which was our proprietary in-house IBM method of password hashing the N in 1984 added what they called des password hashing which is using the data encryption

standard we'll come back to that and then in 1994 they then made the days encryption password hashing the default so basically the main set of the mainframe fraternity is you don't break things you bring out new versions and they shouldn't break what went before so in terms of days yeah that's very well add days is a new option for password hashing but they were very reluctant to make it the default because that might break it for some people but in that 10 years between 84 and 94 basically there was a fairly extensive industry of auditors going round saying I've come to order your mainframe Wow have you changed the default setting from masked passwords today's passwords yes ok tip

if not hold it failing get it sorted most people moved today's or compared to that then 2005 the introduced mixed case passwords again that's in as an option and it's up to the mainframe short in question to enable or turn on and activate that option we were various other things added at the same time but the main thing was Mexico's past words in 2014 we have this thing called an e power which is an authorized program and now assess report and I had to memorize that for this talk one of those things you normally never remember everybody is talks about a powers it's the acronym lingo or mainframes but basically that if you like a bug-fix in

in essence that would put to add new functionality and that's very significant and we'll come back to that what's more an ASIC there's a company in the States Robert Hansel who are a form of consultants and one of the things that both hands will does every month is he puts a survey amongst the mainframe community particularly I gave community the security people and said good answer these questions and they're all answered anonymously and he then creates the results and publishes the results and the cymbidium chasing ones now that one was January 2012 and the simple question was say crops mix keys so say tie ropes or say crops is the command used to say track F options to say global options so

minimum password lanes all sorts of things whether or not eternal mix keys so will it actually on a mix case or will it just convert everything to Upper Keys an answer came back over three quarters was no no that's 2012 that was seven years after IBM added makes key to option to rack if kind of tells you that generally speaking things don't move that quickly in the mainframe community but the mainframe develops and progresses like any other platform a fear or greed has to be saved there's some pretty leading-edge technology in the mainframe but that's kind of makes you wonder now this analysis program authorized report one of the things that are particularly interesting about this well there's two

main things that ads in terms of functionality all of the small stuff but one thing was added a new password hashing function so we started off with masking we then went to days and now we're going to this K DAF AES which is using key derivation with AES which is I believe an implementation of the PBE KDF two kind of generic algorithm which is being the kind of base practice and then the other thing it did was they added a bunch more spatial characters so we know that 14 special characters again that are available as an option you can turn these on but no requirement to it's up to you and they produced a fairly

comprehensive document manual detailing all of us know that's all well and good now the other thing about a power rocket have a website which describes IBM already have a website which describes the history of racket and there's a hold of milestones all the significant things that warn in in racket and you look down and is a whole host of features enhancements that happen year-on-year it's constantly being improved and developed quite a read so it seems strange that we should have something that is an e par no is what point here that that is the only power in the entire history timeline of racket because normally something like this comes along Shadid it's developed it's rolled into

the next release of racket and appears as a new feature it doesn't get released as an EP as in we have a effects pack that you can go and apply this feature on to your existing system and basically retrofit now again just reinforcing the whole kind of time scale of this 1976 from Rocky F kMO we had eight years when it was using masking we then had the ability to use days not everybody would use it but so on for 30 years and then in 2014 we have the additional option of saying well actually we've got something better than days now we can use KDF AES so kind of shortly that day's has served a long and useful purpose but there's

kind of more to the story if we kind of take down a bit but just a little history on days days was originally formalized as a federal information processing standard a standard basically American standards in 1977 it's been released or updated a number of times the most significant one being 1999 when Triple DES was yeah it's okay to use Triple DES which is a particular way of using days that is more secure than just days but single days was deprecated so that basically is kind of if you like the beginning of the end of days that people were saying in 1999 not computing power has moved on so much that an algorithm which relies in the 56 bit key

is now no longer strong you know it hadn't been broken Percy it's just that the speed of computing has got so powerful that it's kind of overtaking the design of the original days and then in 2005 coincident I don't hit the same of when the mixed case password came out it was withdrawn formally there this is where I go off on to a slight tangent just because it's one that fascinated me for for various reasons and see if it has the same in sheet for you or not that chap via and that chap they are sort of connected in my brain in a way he worked for Volvo and he worked for IBM I don't know if anybody's got any

recollection or realized where I'm going with this that's a guy called Nils Bullen I think that's how you pronounce it and that's horst feistel Nels born was the engineer who came up with the three-point seatbelt and horst feistel came up with a thing called Lucifer and Lucifer of course is what became new in those days because IBM basically gave over to become federal information standard and as part of doing that as with Volvo in both these cases you have commercial companies which made a discovery of the development which was of huge significance and in both cases they decided that an interest of safety or for the greater good that they would relinquish all the intellectual property

on it in the case of Volvo they said look we know this is going to save so many lives we want all car companies to use this so the debt actually patent it but they said we're granting a license to everybody to use this No Fee and likewise IBM did the same which is why days became flips in 1977 and it's fairly rare that you get that it was quite interesting looking into this because on the seatbelt side seatbelts had been that was in 1959 seatbelts had been getting fitted to cars for about ten years prior to that and what they discovered was that in high speed crashes a lap belt did more harm than

good and there were it didn't really solve a problem and or an awful lot of fatalities and really bad injuries and the three-point seatbelt the deccan has now received at least a million lives since that time it's just quite staggering but anyway it's all around the fact that in both these things like corporate companies that actually do the the good thing as far as the populations can say and neither available free of charge hey I mentioned days in terms of days is used as a hashing algorithm more specifically what happens is you've got an input data you've good pates key and you've got Oakleigh data the password becomes the key the user ID is used as

an input data you crank the handle and out pops your password hash so in effect what you're doing is you're using the user ID as a sole so that if two users have the same password they both end up with different hashes unlike Microsoft Windows in the original sound via trace where if you for two users with the same hash or they both get same password so from very early on IBM did actually do a pretty decent job of that it's just a shame that they've overtaken my time and well they should probably have been replaced sooner but wasn't so that's kind of the days but so most passwords that are out in the mainframe

world unencrypted with days this is a look at some of the rocky of cracking software that's out there that was cut my sir and Peter gold s produced the first one that I'm aware of that was made freely available to people that was a mainframe program ran on the mainframe I'm not quite sure how they got away with it a little cut I think was a previous employee of IBM's before he left them and I produced one in 2000 called clack F which was a pc-based one mm tariff al-asad the Frenchman he's French he's now in Switzerland I think he produced one which was a free one which again ran on the mainframe and I

think he ruffled a few feathers at IBM when he did that although in tracing with his particular program has to run in what they refer to as an authorized state an IBM so basically at Ryan as a privileged program and you have to have fairly significant privilege to be able to do that so he doesn't think that that was a major problem because if somebody had that level of privilege the fact they had a cracker program was the least of your worries but anyway weak world was one that I came up with in 2003 basically because I had a lot of auditors contact me saying look cave displays the passwords can you do one that doesn't display any passwords

so they wanted a cracker that could crack passwords that didn't display passwords interesting so that was where we came from then I completely redid it in 2012 and produced one called Rock F snore which does basically allows you to take a dictionary and through a racket database and see how many asked what you can get I provide it complete with a sample dictionary and I know that a number of people in the mainframe fidelity have said to me they were quite surprised and in place that how much how many passwords they would actually get when they just took a test system downloaded it as is complete with the sample dictionary threw at it and dead a

password crack on it and I'm tempted to see it's not rocket science but it was rocket science because what the way actually did it was NASA the time had our website where you could go in the invited people to rate messages to go up and one of the rockets and most of it was named so people put all the memes and this thing so I downloaded all these names and of course it was very multicultural because you've got lots of VOSH name son name whose names that didn't really quite know and I basically went through it and typically anything over it can I just lose that you can feel it quickly Whittle it down into

something that's quite usable and that's basically just using memes but it's surprisingly successful across various areas then in 2012 dodo Kolya and Phil Young did somewhat to get it added to join the rapper so join the rapper can do what it calls Rock a hacking clacking whatever which is as I say on the dais password hash around 2012 was the first version of a thing called epass which is enterprise password assessment solution guy called Kosta nan - that's an interesting piece of kit that basically is a cracker box it's an appliance which sits on a corporate network and tries to gather up passwords from wherever it can you can setup interfaces that you can actually feed it

databases from your corporate infrastructure from Microsoft from unit or from infant and it can also just basically scavenge whatever it can see off the network so anything that's going and clear across the network it will see all there's a user ID and password I'll see if I can crack that that is quite significant I suppose them the main thing with that one is that's the only bit of kit that I'm aware of at the moment that will do everything as in it also does password freezes as well they've added and it does AES KDF etc does the whole war anyway 2014 it was added to hash cap which was actually a change request that I raised and

supplied them all the information they needed 2017 I wrote a program called rack F on mask but you will make sense in a minute why that was the case and shortly afterwards Chad reckons root did one called masking brute force but he did a similar thing for basically finding out the mask passwords which might think as a bit of a backward state but all become Queen the minute so another rakia if softly this was in March 2018 so this is very current and asked a couple of questions and the questions are late but the way our plans were presented the answers I wasn't quite so sure oh you'll see why in a minute his KDF EES option available on

production and yeah okay more than half said it's available on production then he said whether it's available is it active has it actually been enabled and turned on and it's slightly better and I thought I don't like a spin on that personally no when I've just shown you the fight apps but when both hands will put sees results oh he also provides a table showing the actual numbers of the responses no attribution as to who gave the responses but he gives the numbers now on that first one it's a total sample size of 53 mainframe sites of which 19 have no kts available so 34 have mixed availability so 34 with next availability and aides are not active

that means base case scenario is that 26 saves over 53 I've got KDF a year so and that's less than half that's not the picture that is booting and I thought a superb example of how somebody can spin the figures that make them look an awful lot better than they are so we're talking half of all mainframes now that's four years on from when it was released so KDF comes out 2014-2018 four years later only half of all mainframe sites I've actually found this on let's get you wondering so look recap we started off with masking in 1976 1984 we got the day's option available next case was added 2000 five Mitsuki survey said that

three-quarters when using it 2014 out came KDF AES 2018 with the survey that says but half of them are using it so for there that was seven years that point and there was very little opti lace in the quarter and yet in these four years we've had 50% something starting to move a bit quicker or there's something that we're not quite being aware of here being in Maine that that was what was referred to as a EPR which is basically a patch so there's more to their story 2014 IBM came out with a what they refer to as a statement of general direction which is kind of what they do thee they will see this is what we're going to do and by

that point they've got all well planned out and they know where they're going they're just making sure the customers are coming with them so the statement of general direction and it was the first time anybody had put the eyes on this expression which the coin called enhance track a password encryption algorithm the first time they'd ever mentioned that was 2014 and fabulous the e-power was released in October now that was one significant piece of coding they made some major changes to the way racket handle passwords and we had stores passwords in the database and words of other stuff that didn't just happen overnight it kind of tells you that there's more to it and as I said it's

the only a path to appear on the milestone in history of rakija in its development so something significant happened about that time and somebody might just know where I'm coming out with this one does anybody recognize the term Belaga no okay basically that Swedish for appendix or attachment and if you want to know more about it go inset recce leaks for the world belaga last time I did that I got two hits and there's some very interesting reading there all of which is highly confidential of course it relates to an incident which took place between March 2012 and September 2012 so it was a major hacking incident that took place involving a mainframe and the

report that is on Wikileaks is dated February 2013 and that basically IBM's response was in 2014 IBM were heavily involved in the whole investigation and follow-up to what happened Galaga it's the first ever prosecution for hacking mainframe where somebody was actually prosecuted and successfully prosecuted and currently serving time I think for having hacked a mainframe a person equation is a guy called Godfrey's far home I think that's how you pronounce it his handle is alias was anakata he was one of the cofounders of Pirate Bay very capable individual very brave guy just kind of ashamed some of what he did they went after Nord their bank and they also went after the Swedish government the mainframes typically

hold a lot of very significant and important data and that was no exception a bank and a lot the Swedish stuff in one of the systems that was compromised as a witness relocation program not the sort of thing you want to have hit the the internet but anybody who wants to know more about that Phil jung-bae solder a Fortran has a very good presentation I would totally recommend that one that's a link to a slide deck and a PDF slide deck of a talk he gave but he was into lots more information he basically had made a bit of a hobby of that and went and talked to a lot of the investigators and various things and his

talk there is packed full of information about that which is quite an eye-opener puddly recommend that but anyway some quotes from the blog of the poor and why is that of interest apart from the fact that it triggered IBM into significantly beefing up the way in which handlers passwords the point here is the waste holds the mainframe what that paragraphs telling us is that it wasn't the mean point of entry they didn't hack in through passwords initially they hacked in using various 0ds but once they were in the main set of the hacker was how do we make sure we don't got locked oh if somebody discovers us how can we make sure that we keep the keys to the kingdom and it

also makes reference to password analysis where they went and used crack if and during the Ripper I was quite disappointed in that because clack F was weird date at the point when they used that much base of tools but that's what they used and that report references that the the investigators who investigators not hackers are not particularly adept at doing password cracking they played around with it and in a couple of these they managed to crack or thirty thousand accounts now if you see those details about what they actually found you'll find that they found that the hackers had actually managed to crack in excess of a hundred thousand passwords from that deed from from various databases

there were several databases involved in the breach so that's all well and good but it kind of still leaves the question why is proprietary masking still of interest because surely that died over 30 years ago we would like to think so like I say the mine the mainframe mines say is insurer previous stuff doesn't break when adding new stuff but the original masking is so bad in terms of security that as part of the a power only enabled KDF AES that disables password masking so there's a big caveat with the routing that new a parind that says make sure you don't have any mass passwords in your system because if you do it's going to break

so hence that became a bit of our o how do we know if there's any mass passwords on our system and well that's why you then want to be well what is this masking algorithm and Chad reckons rod who's otherwise known as big endian smalls of anybody's than any good going on the internet to do with mainframe security he presented a shield in 2006 and said well here's the algorithm but it's basically the the p1 there's a left shift one you do some exhorting hf4 do some water tolling and then you've got hash and you think okay that's maybe a wee bit tricky to undo or is it because it appears to be a one-way

function now if you put in all these there's 8 YZ and E and episodic which is the the mainframe could say is c1 that then becomes hashed to become D Phi D Phi v5 repeating and likewise if you do that for the early alphabet you see some very easy to spot patterns where the first guy the first column the the the two Latos which is basically Hicks for a single bait is different but they know what X that the same and perhaps here leaf ourselves called back in 2000 he actually wrote an article in a Kiev update which was he's no longer published anymore but that was the kind of journal or birdie for anybody

involved in rocky who were interested in what was happening and then technical tips and hints and all that stuff and he basically said well ok it's not that big a deal because all we can do all we need to do is do a brute force attack on one character at a time and that's the approach that Chad took as well when he was masking group force but I wasn't too keen on but basically this is a good illustration of why you should not try and roll your own clip to use pre-established script or whether it's you know bass back this whether it's days for the CES for the whichever one it is use one of the pre-existing

established ones so if you take that as C 1 so that's hexie one in the first possession as it were-- so as i say it starts off with a left shift so you can I go left shift and you do some exiling I'm not bothering with the exhorting because that just confuses a need your hf4 and you do more air touring now the whole point of showing you that is the yellow sails basically they're going to have changed and that will be a straight look up so I can do a look up on whatever that character is but its life that rated you which is going to impact the first nibble of the next character

which basically means you can come up with a lookup table where you've got your c1 lookup goes to d5 and you've got a masking off set of 3 so if we look at that as an example you've got ATS goes to that vein so the first one we do a lookup and D 5 D 5 which is C yep that's C 1 not problem within C rate we've also got a thirst 3 so we XOR 3 with the first nibble of the next fade oh that becomes D 5 now that thing goes back through to the lookup D fiber c1 cetera so with a lookup table with a mask you can just go and unmask the whole thing

no need for brute force or anything my cord runs a lot quicker than Chad's but then Maine is cooler than hazards and Python script but I just thought that was cleaner I like that but it's a good illustration of how much easier it is to undo something than it is to try and make it that you can figure out what it is trying to do clip 2 and come up with something that is going to remain secret is incredibly difficult so KDF aes now basically the answer is don't know I know it's based on pbkdf2 that has various parameters on it there's a number of iterations that goes through which can be typically somewhere between 8 and 10,000 there's a whole lot

of parameters to that and I know that several people know what that algorithm is because they've reversed engineered that currently it's not known in public on the internet I wish it was if it was I'd be writing a program for it so answers on a postcard when I find that I thought I wonder how many people actually seen a postcard it's a lot a year since I actually wrote a postcard but that's kind of short either it's a bit of an each statement I suppose so that's kind of where we are with that in terms of what you can do in terms of hacking passwords with a mainframe so it kind of summing up or do you think

I paint a singer mainframe for in relation to passwords take for the existence of mask passwords because that's the first thing if they are there and I have come across a mainframe in recent times that had mass passwords on it and I was quite T in the back and of course the thing is most of the passwords one of the things you've got being rain here somebody might have changed the password algorithm from mask today's and if the user ID in question has never been changed in over 30 years it will still be masked so it might be using days now for most of them but you might still have masked passwords in the database

and it's likely to be the system tasks that you really don't want to feel that's why people get paranoid about them quite rightly so so check for the existence of masks passwords check for periodic passwords expiry no doesn't say too much on this but I think as I hear Bill Buchanan seen earlier most people pick passwords with it I was and then two digits on the end and for that very reason national cyber center which is part of GCHQ who all guidelines in 2015 saying do not force password expiry on users I still haven't yet found a corporate that is taken on that advice and yet that advice is quite unequivocal and quite direct and very true because

it's basically on mainframes where you've only got eight characters if you're going to waste to avoid and on numeric digits you've just weakened your password something horrible anyway that's probably another shoebox for anybody use available tools to find evidence a bad pirate password practice which basically is as I say you know join the Ripper you can of hash cat you can evacuation or any number of them available with the exception of KDF EES which hopefully that will at some point get added to some of those generally available tools because in my opinion if this is open and we can keep you honest then so much the better it also means that we can understand better what

the the genuine risks are because I think is better that pain testers and order to use some of these tools and check it out before the bad guys do so I think it's in everybody's best interest and that basically brings me to the end which okay sure Herzog was saying lies but if you there's anybody have any questions anything that's yeah yeah I

think there will be change I just think the main thing likes behind the the one area that I'm most curious about which kind of relates to that last point about this of periodic expiry or of user IDs I had tried to convince people of that in my last employee particularly in a Security Committee that I sat on with which was multi-organizational and what we discovered was the techies who were security people were all in favor of it and we tried to instigate a change to policy and what we discovered was we didn't own the policy the policy was owned by an audit committee and trying to convince the auditors with much much hard though now I put a

question in the RAC F list there's a key F list which is a very good support forum on the internet which you can go in for well whatever and I put a question in that and one of the responses I got back which was interesting was if that's official government guidelines and some of the companies like to Bob Hansel and so on they get a lot of their income from going around doing extent orders of like f installations and the order against the standard and one of the most common standards the order against particularly in America is the nest guidelines there's a nest lockdown standard and somebody asked well if nest because nest have taken a similar view to the UK

government although they are documentation on it is less intelligible but they've taken the same you but somebody said well if they've taken that view and they are not reckon they recommending you don't do it have they updated the nest lockdown document because a lot of people are saying we're not going to take that until we update the nest lock then document because that's the one we go on so there's a whole bit of a time lag between but it seems a long time right because even by mainframes down those last few years I think know why aren't we trying to get better practice another curious one in the mainframe side going slightly off they brought in this new feature called

passphrases some years back and a passphrase was something that was between 14 and 255 characters long and IBM got involved in some fairly vociferous debate and flame wars with various customers because people said but I can't have a password 10 characters long no because that's we can only do passwords 8 characters own if we go to pass phrases we want to do 14 outwards and the logic behind that has the explain was it's a different type of password rule that you apply the password rules for passwords are quite different to the way you do a rule or a passphrase and if a passphrase is as sure as name characters it becomes insecure so they didn't want to do that

but they ended up they were forced more or less that they had to rate to a change that a passphrase he's allowed to don't a name characters because people wanted to be able to see oh you can have anything you want between 1 and 255 which is a bit strange but some people think past faces are that much more effective I'm not convinced when that's slightly scares me is where the British government had put a thing where one of their advices from GCHQ is use three passwords use three words to make up a password there I'm weary of that because as soon as you see it people use three words I don't know if anybody's aware of

it but there's an application called for three words and it's an addressing thing and people are more likely to use what three words that relates to an address that means something to them so if you know somebody or whether their basis or where they work or whatever and you've got the bothy world's app that's kind of a bit of a starting point for trying to attack somebody with a passphrase just concerns me that one of you but because it's just too easy that people will do the easy thing unfortunately yeah

yeah yes basically and as I say I know several people that have reversed engineered that but none of them have been willing to share that I cook with me and I think it's only a matter of time before it does become public knowledge but because in essence what they've had to do is they've had to stick to the standard but there's a couple of tweaks to make it difficult that unless you've got the code to the engineer yeah but I mean well potentially but they won't have changed the core of it they'll have done some I mean even with days for example they did a bit of pea processing on it before they then input it to conventional days

algorithm well no no no the the days was there is what early and is is the pre-processing with the formatted beforehand before putting in today's which doesn't take too much to figure that out he says well in an episodic if you're only looking up a case you effectively lose one column of bit but that one column of bits was in the wrong place so they shifted it to so that it was lined up better so that they didn't lose more information when they came to put it through days so yeah is it was kind of quite logic on quite sensible but like you say it would be nice if they were open with it because otherwise

--is obscurity and I know that in terms of the password phrases there has been a lively debate where the various people think that IBM have weakened the way in which of them into that no I don't have a particularly strong view and either way but I think it's about healthier if it's open and I mean days IBM donated there's an effect to the US government but when it came to AES they basically said yeah that what making an open sound of but this time rather than just having some private conversations between the federal government agency and IBM and so on they made an open competition of it and we come up with the EES and then

subsequently over come up with shower three and yes that seems to what and that's the way to do crypto yes and it's just a shame that IBM are embracing that more in my opinion okay [Applause]