Re: SSL Server needs access to raw HTTP data (Request for advice)

2007-01-16 Thread Richard Powell
On Sun, 2007-01-14 at 21:07 +0100, Erik Tews wrote:
 On Saturday, 13.01.2007, 19:03 -0800, Richard Powell wrote:
  I was hoping someone on this list could provide me with a link to a
  tool
  that would enable me to dump the raw HTTP data from a web request that
  uses SSL/HTTPS.  I have full access to the server, but not to the
  client, and I want to know exactly/precisely what the client is
  transmitting. 
 
 I think http://www.rtfm.com/ssldump/ should do the job. But this only
 works in some configurations.

I believe this only looks at the encrypted stream/protocols.  I actually
need to look at the unencrypted/decrypted data.  As I have access to the
server certs and keys, this should be possible.

Thanks
Richard


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: SSL Server needs access to raw HTTP data (Request for advice)

2007-01-16 Thread Richard Powell
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
 I was hoping someone on this list could provide me with a link to a tool
 that would enable me to dump the raw HTTP data from a web request that
 uses SSL/HTTPS.  I have full access to the server, but not to the
 client, and I want to know exactly/precisely what the client is
 transmitting.
snip
 ... my next solution is going to
 be to hack the s_server.c file from openssl and add the necessary
 statements to dump the desired stream. 

As it turns out, getting the 1st line of the get/post was relatively
easy using s_server from openssl.  Basically, there's a BIO_gets() that
reads the 1st line of input.  All I had to do was add a BIO_dump() and
recompile.

Unfortunately, I can't figure out how to get the subsequent lines from
the client (ACCEPT, REFERER, etc...).  I assumed I could just do
BIO_gets() until zero bytes were returned, but zero bytes are always
returned after the 1st call to the function.

I suppose I'll locate an openssl list and seek help there. :)  Unless
someone happens to know the answer.

Thanks
Richard




Re: SSL Server needs access to raw HTTP data (Request for advice)

2007-01-16 Thread Richard Powell
Thanks for the responses.  I found the solution thanks to one of the
suggestions off this list.

Basically, I just set up stunnel to accept the encrypted stream and forward
it to a clear server, and then sniffed the stream.

Thanks again
Richard

On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
 Hello,
 
 I was hoping someone on this list could provide me with a link to a tool
 that would enable me to dump the raw HTTP data from a web request that
 uses SSL/HTTPS.  I have full access to the server, but not to the
 client, and I want to know exactly/precisely what the client is
 transmitting.
 
 I've considered a few options, including
 
  eg... using apache_request_header() from php
 Need to have php installed as module, which I don't.
 Also, not sure it would give me the complete RAW stream that I want
 and didn't want to waste my time installing a test server if it
 wasn't going to fully work.
  eg... tried using openssl s_server -accept 443 -WWW -debug -msg
 This option didn't seem to display/dump the raw HTTP stream.
 I could not locate an option that would enable seeing this
 information.
 
 I've been searching google for hours for some sort of tool to no avail.
 
 If I don't find a reasonable/quick option, my next solution is going to
 be to hack the s_server.c file from openssl and add the necessary
 statements to dump the desired stream.  I'm not too excited about this
 option, but I suppose if that's the best option I have, then so be
 it.  :)
 
 Thanks in advance for any advice.
 Richard
 
 
 

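The approach Richard settled on (terminate TLS with the server's own certificate and key, forward the cleartext to a plain HTTP server, and capture it in between) collapsed into one Python process, as an added example that is not from the thread, OpenSSL or stunnel. It reads the request the way HTTP/1.x frames it, headers up to the first empty line plus a Content-Length body, and dumps the decrypted bytes in BIO_dump() style before forwarding them unchanged. The certificate and key paths, the ports, the backend address and the sample request are assumptions.

```python
import socket
import ssl
import threading

# Assumptions (not from the thread): the server's own cert and key, the
# listen port, and the cleartext backend that stunnel would forward to.
CERT_FILE, KEY_FILE = "server.pem", "server.key"
LISTEN, BACKEND = ("0.0.0.0", 4443), ("127.0.0.1", 8080)

# Constructed sample request, used only to exercise the reader offline.
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                  b"Referer: https://example.test/\r\nContent-Length: 11\r\n"
                  b"\r\nuser=alice&")

def read_http_request(recv, max_head=64 * 1024):
    """Read one HTTP/1.x request via recv(n) -> bytes.  The head ends at the
    first empty line (CRLF CRLF); a body follows only if Content-Length says
    so.  Reading until end-of-stream is the wrong stop condition: the client
    keeps the connection open waiting for a response."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = recv(4096)
        if not chunk:
            return buf  # peer closed early; return what arrived
        buf += chunk
        if len(buf) > max_head:
            raise ValueError("request head too large")
    head, _, rest = buf.partition(b"\r\n\r\n")
    length = 0
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    while len(rest) < length:                    # body may arrive later
        chunk = recv(length - len(rest))
        if not chunk:
            break
        rest += chunk
    return head + b"\r\n\r\n" + rest[:length]

def recv_from_bytes(data):
    """recv(n) callable over a constructed byte string, for offline runs."""
    buf = bytearray(data)

    def recv(n):
        chunk = bytes(buf[:n])
        del buf[:n]
        return chunk
    return recv

def hexdump(data, width=16):
    """BIO_dump()-style hex/ASCII listing of the raw decrypted bytes."""
    rows = []
    for off in range(0, len(data), width):
        row = data[off:off + width]
        hexs = " ".join(f"{b:02x}" for b in row)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in row)
        rows.append(f"{off:04x} - {hexs:<{width * 3}} {text}")
    return "\n".join(rows)

def handle(tls_conn):
    """Dump the decrypted request, forward it unchanged, relay the response."""
    with tls_conn:
        raw = read_http_request(tls_conn.recv)
        print(hexdump(raw))
        with socket.create_connection(BACKEND) as back:
            back.sendall(raw)
            for data in iter(lambda: back.recv(4096), b""):
                tls_conn.sendall(data)

def serve():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(CERT_FILE, KEY_FILE)     # the server's own cert/key
    with socket.create_server(LISTEN) as srv:
        while True:
            conn, _ = srv.accept()
            try:
                tls = ctx.wrap_socket(conn, server_side=True)
            except ssl.SSLError as exc:          # e.g. client rejected our cert
                print("handshake failed:", exc)
                conn.close()
                continue
            threading.Thread(target=handle, args=(tls,), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Point the client at port 4443 (or 443) with the server's real certificate and the decrypted request appears on stdout while the cleartext backend on 8080 still serves it.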


Re: Banking Follies

2007-01-16 Thread John Ioannidis
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
 On Sat, 13 Jan 2007 18:26:52 -0500
 John Ioannidis [EMAIL PROTECTED] wrote:
 
  Citibank sends me periodic reminders to switch to an electronic-only
  statement so that I am better protected against identity theft.
  
 The advice may actually be correct, though of course they have a major
 financial incentive to persuade you to adopt the scheme even if it
 isn't.
 

Until they start electronically signing and timestamping their
electronic statements, I would much rather have a paper trail from
them than from my printer, so that when they (inevitably) screw up my
account, it won't be just my printouts against their infallible computers.

/ji



Re: Private Key Generation from Passwords/phrases

2007-01-16 Thread Matthias Bruestle
Joseph Ashwood wrote:
 - Original Message - From: Matthias Bruestle
 [EMAIL PROTECTED]
 
 What do you think about this?
 
 I think you need some serious help in learning the difference between
 2^112 and 112, and that you really don't seem to have much grasp of the
 entire concept.

Please omit all the 2^ except in the 2^24. This should make you feel
better.

 [most offensive parts deleted]
 time units are inconsistent. Basically just stop fiddling around trying
 to convince yourself you need less than you do, and locate 112 bits of
 apparent entropy, anything else and you're into the world of trying to
 prove equivalence between entropy and work which work in physics but
 doesn't work in computation because next year the work level will be
 different and you'll have to redo all your figures.

What we are interested in is time (e.g. secure until 20XX), not
entropy. After all, we are all in a physical world, the computers too.
But for entropy we can buy time. Because the physical world changes,
things have to be redone, e.g. DES -> 3DES -> AES -> ... . So 30 years
ago a bit of entropy bought you much time, now not so much anymore. But
despite that, with the system described in my email the figures don't
have to be redone every year. Because the computers (in the physical
world) get faster each year, the time to brute-force 3DES and 224-bit
ECC gets lower. The relation stays (mostly) the same. The only thing
which really changes is the time a user has to wait for recreating his
key, which gets lower and lower. He certainly has no problem with that.

Maybe you should take James Donald as an inspiring example for you. He
raised a valid point, the offline attack using the generally available
public key.

Matthias

-- 
Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany



Re: Private Key Generation from Passwords/phrases

2007-01-16 Thread [EMAIL PROTECTED]

On 1/11/07, Joseph Ashwood [EMAIL PROTECTED] wrote:


 112 bits of entropy is 112 bits of entropy...anything else and you're
 into the world of trying to prove equivalence between entropy and
 work which work in physics but doesn't work in computation
 because next year the work level will be different and you'll
 have to redo all your figures.


Hmm. All we usually have protecting us is work.

Once a little bit of cipher text gets out, on an SSL session or a PGP
encrypted email or the like, that bit of cipher text is enough
information to unambiguously determine the key. It may take a lot of
work to determine the key but there is no uncertainty left in the key.
That is, once used for a bit of encrypting where the cipher text
becomes known, the entropy of that key is _zero_.

Since there is no unguessability left in the key, the only thing
protecting the cipher text is the amount of work it takes to determine
the key.

It seems Matthias has realized, prudently, that his system has a weak
link at the passphrase and he is looking to strengthen that. The ways
to do that include requiring a ridiculously long passphrase or
increasing the work required to go from the passphrase to the key.
Both methods Matthias has chosen increase the work required to break
the system.

As James pointed out, the proposed 76-bit passphrase is a bit much to
expect anybody to remember and it is always better to not derive keys
from passwords when the system allows.

-Michael Heyman



It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali

An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions help to prevent data leaks in case the laptop is stolen or
goes missing. The article includes a brief intro, benefits, drawbacks,
some tips, and a complete list of FDE solutions in the market.

http://www.full-disk-encryption.net/intro.php



RE: How to leak a secret and not get caught

2007-01-16 Thread Jeremy Hansen
More information, and questions about the validity of the project:

http://it.slashdot.org/article.pl?sid=07/01/11/1859218

http://cryptome.org/wikileaks/wikileaks-leak.htm
http://cryptome.org/wikileaks/wikileaks-leak2.htm 

Jeremy

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of PeterThermos
 Sent: Friday, January 12, 2007 9:54 PM
 To: cryptography@metzdowd.com
 Subject: How to leak a secret and not get caught
 
 FYI:
 
 Leaking a sensitive government document can mean risking a 
 jail sentence - but not for much longer if an online service 
 called WikiLeaks goes ahead.
 WikiLeaks is designed to allow anyone to post documents on 
 the web without fear of being traced.
 
 http://www.newscientist.com/channel/tech/mg19325865.500-how-to-leak-a-secret-and-not-get-caught.html
 
 Peter
 
 
 



analysis and implementation of LRW

2007-01-16 Thread Roland Dowdeswell
In the last couple of days I have been considering implementing an
LRW mode for CGD (http://www.imrryr.org/~elric/cgd) (CryptoGraphic
Disk), but I haven't really seen a lot of cryptanalysis of it or
found the canonical implementation.

Has anyone here done the research?  And if it is generally accepted
as secure, is there a recommendation of an implementation that is
BSD (or similar) licensed?

Thanks,

--
Roland Dowdeswell  http://www.Imrryr.ORG/~elric/



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:

 An article on how to use freely available Full Disk Encryption (FDE)
 products to protect the secrecy of the data on your laptops. FDE
 solutions help to prevent data leaks in case the laptop is stolen or
 goes missing. The article includes a brief intro, benefits, drawbacks,
 some tips, and a complete list of FDE solutions in the market.
 
 http://www.full-disk-encryption.net/intro.php
 
I'll turn it around -- why should you use it?

In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.  It's harmful because you can
lose a key.  (Your web page does address that, but I'm perplexed --
what is challenge/response authentication for key recovery?)

Disk encryption, in general, is useful when the enemy has physical
access to the disk.  Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and *much* more dubious for servers.
(Caveat: I'm assuming that when you dispose of systems, you run DBAN or
some such on the drives -- if not, we're back to the physical access
threat.)


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Jonathan Thornburg
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
 An article on how to use freely available Full Disk Encryption (FDE)
 products to protect the secrecy of the data on your laptops. FDE
 solutions help to prevent data leaks in case the laptop is stolen or
 goes missing. The article includes a brief intro, benefits, drawbacks,
 some tips, and a complete list of FDE solutions in the market.
 
 http://www.full-disk-encryption.net/intro.php

On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
 I'll turn it around -- why should you use it?
 
 In most situations, disk encryption is useless and probably harmful.
[[cogent arguments snipped]]

A further point:  Do you really want the granularity of your encryption
to be one key per disk?  I much prefer a cryptographic file system
which lets me have separate keys for separate categories of information
(eg one key for my tax forms, a different key for company-confidential
project stuff, a different key for old love letters, still another one
for My Secret Plan For World Domination, etc etc).  These might all
live on the same laptop, but they probably need quite different key
policies.

ciao,

-- 
-- Jonathan Thornburg -- remove -animal to reply [EMAIL PROTECTED]
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, Old Europe http://www.aei.mpg.de/~jthorn/home.html  
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Jonathan Thornburg
On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
 In most situations, disk encryption is useless and probably harmful.
 It's useless because you're still relying on the OS to prevent access
 to the cleartext through the file system, and if the OS can do that it
 can do that with an unencrypted disk.

Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space.  I note that OpenBSD ships with swap-space
encryption turned on by default.  The encryption is done in software
using Rijndael.  On modern hardware the performance hit is minimal
(compared to the cost of the disk access).  See
  http://www.openbsd.org/papers/swapencrypt.ps
for a discussion of the security model.

ciao,

-- 
-- Jonathan Thornburg -- remove -animal to reply [EMAIL PROTECTED]
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, Old Europe http://www.aei.mpg.de/~jthorn/home.html  
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steve Schear

At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:

 Disk encryption, in general, is useful when the enemy has physical
 access to the disk.  Laptops -- the case you describe on your page --
 do fit that category; I have no quarrel with disk encryption for them.
 It's more dubious for desktops and *much* more dubious for servers.


As governments widen their definitions of just who is a potential threat it 
makes increasing sense for citizens engaged in previously innocuous 
activities (especially political and financial privacy) to protect their 
data from being useful if seized.  This goes double for those operating 
privacy-oriented services and their servers.  As an example, when TOR 
servers were recently seized in German raids (with the implication that 
they were being used as conduits for child porn) the police knew enough to 
only take the hot-swap drives (which were encrypted and therefore 
paperweights after removal) if only for show.  The main loss to the operators 
was repair to the cage locks.


Steve 




Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear [EMAIL PROTECTED] wrote:

 At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
 Disk encryption, in general, is useful when the enemy has physical
 access to the disk.  Laptops -- the case you describe on your page --
 do fit that category; I have no quarrel with disk encryption for
 them. It's more dubious for desktops and *much* more dubious for
 servers.
 
 As governments widen their definitions of just who is a potential
 threat it makes increasing sense for citizens engaged in previously
 innocuous activities (especially political and financial privacy) to
 protect their data from being useful if seized.  This goes double for
 those operating privacy-oriented services and their servers.  As an
 example, when TOR servers were recently seized in German raids (with
 the implication that they were being used as conduits for child porn)
 the police knew enough to only take the hot-swap drives (which were
 encrypted and therefore paperweights after removal) if only for
 show.  The main loss to the operators was repair to the cage locks.
 
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys?  If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be upheld by the courts.  I
believe that British law explicitly mandates key disclosure.  And of
course, there's always rubber hose cryptanalysis in jurisdictions where
that's acceptable.

--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali

Dr. Bellovin,


 In most situations, disk encryption is useless and probably harmful.
 It's useless because you're still relying on the OS to prevent access
 to the cleartext through the file system, and if the OS can do that it
 can do that with an unencrypted disk.


I am not sure I understand this. With FDE, the HDD is unlocked by a
pre-boot kernel (linux). It is not the function of the resident OS to
unlock the drive.


 It's harmful because you can
 lose a key.  (Your web page does address that, but I'm perplexed --
 what is challenge/response authentication for key recovery?)


Challenge/Response password recovery, as I understand it, is a very
simplified implementation of Secret Sharing. It allows for 2 parties,
in this case the IT HelpDesk and the User, to collaborate and recover
a Secret.
1) Upon forgetting the password, the user calls the Help Desk.
2) The IT Help Desk authenticates the user in the usual ways (e.g.
check office voice mail etc), as the policy dictates.
3) Once authenticated, the user gives the partial secret to the HelpDesk.
4) The HelpDesk then combines it with the secret they have to produce a
temporary password.
5) The temporary password is then used to unlock the HDD once, and
new credentials are created.


--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali

 Legal access is a special case -- what is the law (and practice) in any
 given country on forced access to keys?  If memory serves, Mike Godwin


Yup. Disk Crypto has an ugly side as well, as highlighted by the recent
incident where the FBI was unable to crack the encryption used by a
pedophile and murderer. There was a long discussion on this topic on
the Security-Basics mailing list:
http://www.xml-dev.com/lurker/thread/20061020.173753.ee4c6a0c.en.html#20061020.173753.ee4c6a0c


saqib
http://www.full-disk-encryption.net



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 08:19:41 -0800
Saqib Ali [EMAIL PROTECTED] wrote:

 Dr. Bellovin,
 
  In most situations, disk encryption is useless and probably harmful.
  It's useless because you're still relying on the OS to prevent
  access to the cleartext through the file system, and if the OS can
  do that it can do that with an unencrypted disk.
 
 I am not sure I understand this. With FDE, the HDD is unlocked by a
 pre-boot kernel (linux). It is not the function of the resident OS to
 unlock the drive.

Not necessarily -- many of my systems have multiple disk drives and
file systems, some of which are on removable media.  Apart from that,
though, this is reinforcing my point -- what is the threat model?
 
  It's harmful because you can
  lose a key.  (Your web page does address that, but I'm perplexed --
  what is challenge/response authentication for key recovery?)
 
 Challenge/Response password recovery, as I understand it, is a very
 simplified implementation of Secret Sharing. It allows for 2 parties,
 in this case the IT HelpDesk and the User, to collaborate and recover
 a Secret.
 1) Upon forgetting the password, the user calls the Help Desk.
 2) The IT Help Desk authenticates the user in the usual ways (e.g.
 check office voice mail etc), as the policy dictates.
 3) Once authenticated, the user gives the partial secret to the
 HelpDesk.
 4) The HelpDesk then combines it with the secret they have
 to produce a temporary password.
 5) The temporary password is then used to unlock the HDD once, and
 new credentials are created.
 
I wouldn't call that challenge/response, I'd call that key escrow.
Key escrow isn't a bad idea for storage encryption, but you need
*really* good authentication mechanisms for the backup channel.
Visualize this phone call to the help desk:  Hi, I'm Pat, the CFO.
I'm in New York for the Board meeting, and my laptop blue-screened and
won't reboot -- it's not accepting my passphrase.  Help!  Of course,
more or less by definition, Pat isn't online at that point, so the help
desk can't manipulate anything remotely.  (I should add that most
secondary authentication mechanisms I've seen are garbage, especially
when it comes to people on the road.  Since we're talking about laptops
here, that's a very serious threat.)

I don't dispute the need for FDE for (many) laptops.  But remember that
security is a systems property; it's not something you can get by
bolting on crypto.



--Steve Bellovin, http://www.cs.columbia.edu/~smb

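The five-step recovery flow Saqib describes, together with the escrow and authentication point Steve Bellovin raises against it, as an added example that is not from the thread or from any FDE product on Saqib's list. The recovery key is split 2-of-2 between the user and the help desk, the combined value is the temporary password, and using it once resets the passphrase and rotates the recovery key so the same value cannot unlock the disk again. The Disk and HelpDesk classes, the toy key wrap, the device id and the caller name are assumptions; a product would use a standard key wrap and a real identity check in authenticate().

```python
import base64
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_secret(secret: bytes):
    """2-of-2 split: each share alone is uniformly random and reveals nothing."""
    user = secrets.token_bytes(len(secret))
    return user, xor(secret, user)

def spoken(share: bytes) -> str:
    """Base32 in 4-char groups, so a share can be read out over the phone."""
    s = base64.b32encode(share).decode().rstrip("=")
    return "-".join(s[i:i + 4] for i in range(0, len(s), 4))

def unspoken(text: str) -> bytes:
    s = text.replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def wrap(kek: bytes, dek: bytes) -> bytes:
    """Illustrative encrypt-then-MAC key wrap (a product would use AES key wrap)."""
    ct = xor(dek, hashlib.sha256(b"wrap" + kek).digest())  # each kek wraps one dek
    return ct + hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted wrap")
    return xor(ct, hashlib.sha256(b"wrap" + kek).digest())

class Disk:
    """Pre-boot view of one FDE laptop: the data key exists only wrapped
    under the passphrase-derived key and under the current recovery key."""
    def __init__(self, passphrase: str):
        self.dek = secrets.token_bytes(32)      # constructed data key
        self.salt = secrets.token_bytes(16)
        self.by_pass = wrap(self._pkey(passphrase), self.dek)

    def _pkey(self, passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)

    def enrol_recovery(self):
        """Fresh recovery key; returns (user share, help desk share)."""
        rk = secrets.token_bytes(32)
        self.by_recovery = wrap(rk, self.dek)
        return split_secret(rk)

    def unlock_with_temporary_password(self, temp: str, new_passphrase: str):
        """Step 5: unlock once, set new credentials, rotate the recovery key
        so the value spoken over the phone is dead.  Returns the new shares."""
        dek = unwrap(unspoken(temp), self.by_recovery)
        self.salt = secrets.token_bytes(16)
        self.by_pass = wrap(self._pkey(new_passphrase), dek)
        return self.enrol_recovery()

class HelpDesk:
    """Escrow of every device's help desk share; authenticate() is the
    backup-channel check Bellovin says has to be really good."""
    def __init__(self, authenticate):
        self.shares, self.authenticate = {}, authenticate

    def enrol(self, device_id: str, share: bytes):
        self.shares[device_id] = share

    def recover(self, device_id: str, caller: str, user_share: str):
        if not self.authenticate(device_id, caller):            # step 2
            return None                                          # refuse
        rk = xor(self.shares[device_id], unspoken(user_share))   # step 4
        return spoken(rk)      # the temporary password read back to the user

def demo(caller_is_genuine: bool = True) -> str:
    desk = HelpDesk(lambda device, caller: caller_is_genuine)  # stand-in check
    disk = Disk("correct horse")
    user_share, desk_share = disk.enrol_recovery()
    desk.enrol("laptop-42", desk_share)
    temp = desk.recover("laptop-42", "pat", spoken(user_share))   # steps 1-4
    if temp is None:
        return "denied"
    _, new_desk = disk.unlock_with_temporary_password(temp, "new pass")
    desk.enrol("laptop-42", new_desk)
    try:
        disk.unlock_with_temporary_password(temp, "again")   # replay attempt
        return "replay accepted"
    except ValueError:
        ok = unwrap(disk._pkey("new pass"), disk.by_pass) == disk.dek
        return "recovered" if ok else "broken"
```

Everything the attacker could obtain from the disk alone (both wrapped copies of the data key) or from the help desk alone (its share) is useless without the other party, which is exactly why the phone-call authentication is the part that carries the risk.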


Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali

 Yes, encrypted disks aren't much good unless the OS also encrypts
 (at least) swap space.  I note that OpenBSD ships with swap-space


I think you are confusing Disk Encryption with Full Disk Encryption
(FDE). They are two different beasts.

FDE encrypts the entire boot drive, including the OS, kernel and the
swap space.

Disk Encryption, on the other hand, only encrypts the non-OS portion.

saqib
http://www.full-disk-encryption.net



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Brian Gladman
Steven M. Bellovin wrote:
 On Tue, 16 Jan 2007 07:56:22 -0800
 Steve Schear [EMAIL PROTECTED] wrote:
 
 At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
 Disk encryption, in general, is useful when the enemy has physical
 access to the disk.  Laptops -- the case you describe on your page --
 do fit that category; I have no quarrel with disk encryption for
 them. It's more dubious for desktops and *much* more dubious for
 servers.
 As governments widen their definitions of just who is a potential
 threat it makes increasing sense for citizens engaged in previously
 innocuous activities (especially political and financial privacy) to
 protect their data from being useful if seized.  This goes double for
 those operating privacy-oriented services and their servers.  As an
 example, when TOR servers were recently seized in German raids (with
 the implication that they were being used as conduits for child porn)
 the police knew enough to only take the hot-swap drives (which were
 encrypted and therefore paperweights after removal) if only for
 show.  The main loss to the operators was repair to the cage locks.

 Legal access is a special case -- what is the law (and practice) in any
 given country on forced access to keys?  If memory serves, Mike Godwin
 -- a lawyer who strongly supports crypto, etc. -- has opined that under
 US law, a subpoena for keys would probably be upheld by the courts.  I
 believe that British law explicitly mandates key disclosure.  

The situation here in the UK is that Parliament has passed a law (RIPA)
that allows the UK government to introduce key disclosure powers if it
wishes to do so.

So far these powers have not been brought into operation, but the UK
government initiated a consultation last year on whether it should take
this step.  We are still awaiting a decision on this.

   Brian Gladman



Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Nicholas Bohm

Steven M. Bellovin wrote:
...

 Legal access is a special case -- what is the law (and practice) in any
 given country on forced access to keys?  If memory serves, Mike Godwin
 -- a lawyer who strongly supports crypto, etc. -- has opined that under
 US law, a subpoena for keys would probably be upheld by the courts.  I
 believe that British law explicitly mandates key disclosure.  And of
 course, there's always rubber hose cryptanalysis in jurisdictions where
 that's acceptable.


In the UK Part III of the Regulation of Investigatory Powers Act 2000 - 
see http://www.opsi.gov.uk/Acts/acts2000/2023.htm - includes powers 
for certain classes of officials to require encrypted materials to be 
decrypted or to require a key to be provided.  There are some 
safeguards, regarded by some as insufficient.


The powers have not yet been brought into force, but the Government 
intends to bring them into force in the near future.


The powers are of course wholly ineffectual where perfect forward 
secrecy obtains, are of limited value in relation to ephemeral encrypted 
communications where keys are (or may plausibly be claimed to be) 
changed frequently or lost, but may be of some real value in relation to 
encrypted storage media where key preservation, with or without key 
recovery mechanisms, will obviously be important to most users.


Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285(+44 1279 870285)
Mobile  07715 419728(+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF



Re: Banking Follies

2007-01-16 Thread Adam Shostack
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
| Anyway -- we're so focused in this group on the Internet that we
| sometimes forget about physical world attacks.  Theft of financial data
| (and financial objects, such as checks and credit cards) from physical
| mailboxes (or garbage cans) is quite commonplace, and is -- according to
| some -- a more significant vector for identity theft than Internet fun
| and games.  The Wall Street Journal advised people to use electronic
| statements for just that reason (see
| 
http://online.wsj.com/article/SB116830855255470919-search.html?KEYWORDS=%22identity+theft%22COLLECTION=wsjie/6month);
| also note the list at
| http://www.identitytheftassistance.org/How_Criminals_Steal.html

If I had any confidence that my banks would send me emails that I
could authenticate, I might take that advice.  My banks seem to take
pleasure in overcoming every heuristic I can find for authentication,
sending emails from arbitrary domains, obfuscating their HTML, etc,
etc.

At least none (that have made it through my spam filter) have fallen
to the level of AT&T Wireless (or perhaps they were Cingular at that
point) who sent me a Javascript executable email encrypted with my SSN
as the key.

Adam
