Date: Thu, 6 Sep 2018 00:40:24 +0000 (UTC) From: Edson Brandi <ebrandi@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52219 - head/pt_BR.ISO8859-1/articles/ipsec-must Message-ID: <201809060040.w860eO5a083102@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ebrandi Date: Thu Sep 6 00:40:24 2018 New Revision: 52219 URL: https://svnweb.freebsd.org/changeset/doc/52219 Log: pt_BR.ISO8859-1/articles/ipsec-must: New pt_BR translation into .po format * content synchronized with en_US document (rev 44703) * article.xml converted to .po * .po file was translated to pt_BR * .po and .xml file has been set to UTF-8 encoding * information about volunteers who translated and/or revised the document was added to the header of the .po file. Approved by: gabor (mentor, implicit) Obtained from: The FreeBSD Brazilian Portuguese Documentation Project Differential Revision: https://reviews.freebsd.org/D16990 Added: head/pt_BR.ISO8859-1/articles/ipsec-must/ head/pt_BR.ISO8859-1/articles/ipsec-must/Makefile (contents, props changed) head/pt_BR.ISO8859-1/articles/ipsec-must/article.xml (contents, props changed) head/pt_BR.ISO8859-1/articles/ipsec-must/pt_BR.po (contents, props changed) Added: head/pt_BR.ISO8859-1/articles/ipsec-must/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/pt_BR.ISO8859-1/articles/ipsec-must/Makefile Thu Sep 6 00:40:24 2018 (r52219) @@ -0,0 +1,24 @@ +# +# The FreeBSD Documentation Project +# The FreeBSD Brazilian Portuguese Documentation Project +# +# $FreeBSD$ +# +# Article: IPSec MUST + +MAINTAINER=ebrandi@FreeBSD.org + +DOC?= article + +FORMATS?= html html-split +WITH_ARTICLE_TOC?= YES + +INSTALL_COMPRESSED?= gz +INSTALL_ONLY_COMPRESSED?= + +SRCS= article.xml + +URL_RELPREFIX?= ../../../.. +DOC_PREFIX?= ${.CURDIR}/../../.. + +.include "${DOC_PREFIX}/share/mk/doc.project.mk" Added: head/pt_BR.ISO8859-1/articles/ipsec-must/article.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/pt_BR.ISO8859-1/articles/ipsec-must/article.xml Thu Sep 6 00:40:24 2018 (r52219) @@ -0,0 +1,278 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd">; +<!-- + The FreeBSD Documentation Project + + $FreeBSD$ +--> +<article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:its="http://www.w3.org/2005/11/its" version="5.0" xml:lang="pt_BR"> + <info><title>Verificação Independente da Funcionalidade IPsec no FreeBSD</title> + + + <author><personname><firstname>David</firstname><surname>Honig</surname></personname><affiliation> <address><email>honig@sprynet.com</email></address> </affiliation></author> + + <pubdate>1999-05-03</pubdate> + + <legalnotice xml:id="trademarks" role="trademarks"> + <para>FreeBSD is a registered trademark of the FreeBSD Foundation.</para> + <para>Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.</para> + <para>Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <quote>™</quote> or the <quote>®</quote> symbol.</para> + </legalnotice> + + <releaseinfo>$FreeBSD$</releaseinfo> + + <abstract> + <para>Você instalou o IPsec e ele parece estar funcionando. Como você sabe? Eu descrevo um método para verificar experimentalmente se o IPsec está funcionando.</para> + </abstract> + </info> + + <sect1 xml:id="problem"> + <title>O problema</title> + + <para>Primeiro, vamos assumir que você tem o <link linkend="ipsec-install"><emphasis>IPsec</emphasis> instalado </link>. Como você sabe que ele está <link linkend="caveat">funcionando</link>? Claro, sua conexão não funcionará se ele estiver mal configurado, e funcionará quando você finalmente acertar a configuração. O <citerefentry> <refentrytitle>netstat</refentrytitle><manvolnum>1</manvolnum></citerefentry>irá listá-lo. Mas você pode confirmar isso de forma independente?</para> + </sect1> + + <sect1 xml:id="solution"> + <title>A solução</title> + + <para>Em primeiro lugar, vejamos alguma informação teórica relevante em relação à criptografia:</para> + + <orderedlist> + <listitem> + <para>Dados criptografados são uniformemente distribuídos, ou seja, possuem entropia máxima por símbolo;</para> + </listitem> + + <listitem> + <para>Os dados brutos, não comprimidos são tipicamente redundantes, isto é, possuem entropia submáxima.</para> + </listitem> + </orderedlist> + + <para>Suponha que você possa medir a entropia dos dados destinados para a sua interface de rede e também dos dados originados dela. Então você pode ver a diferença entre dados não criptografados e dados criptografados. Isso seria verdade mesmo que alguns dos dados no <quote>modo criptografado</quote> não estivessem criptografados --- como deve o cabeçalho IP mais externo para que o pacote seja roteável.</para> + + <sect2 xml:id="MUST"> + <title>MUST</title> + + <para xml:lang="en">Ueli Maurer's <quote>Universal Statistical Test for Random + Bit Generators</quote>(<link xlink:href="https://web.archive.org/web/20011115002319/http://www.geocities.com/SiliconValley/Code/4704/universal.pdf">; + <acronym>MUST</acronym></link>) quickly measures the entropy + of a sample. It uses a compression-like algorithm. <link linkend="code">The code is given below</link> for a variant + which measures successive (~quarter megabyte) chunks of a + file.</para> + </sect2> + + <sect2 xml:id="tcpdump"> + <title>Tcpdump</title> + + <para>Também precisamos de uma maneira de capturar os dados brutos da rede. Um programa chamado <citerefentry><refentrytitle>tcpdump</refentrytitle> <manvolnum>1</manvolnum></citerefentry> permite que você faça isso, se você ativou a interface <emphasis>Berkeley Packet Filter</emphasis> no seu <link linkend="kernel">arquivo de configuração do kernel</link>.</para> + + <para>O comando:</para> + + <screen><userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput></screen> + + <para>irá capturar 4000 pacotes brutos no arquivo <replaceable>dumpfile.bin</replaceable>. Até 10.000 bytes por pacote serão capturados neste exemplo.</para> + </sect2> + </sect1> + + <sect1 xml:id="experiment"> + <title>O Experimento</title> + + <para>Aqui está o experimento:</para> + + <procedure> + <step> + <para>Abra uma janela para um host IPsec e outra janela para um host inseguro.</para> + </step> + + <step> + <para>Agora comece a <link linkend="tcpdump">capturar os pacotes</link>.</para> + </step> + + <step> + <para>Na janela <quote>segura</quote>, execute o comando <trademark class="registered">UNIX</trademark> <citerefentry><refentrytitle>yes</refentrytitle><manvolnum>1</manvolnum></citerefentry>, que transmitirá o caractere <literal>y</literal>. Depois de um tempo, pare com isso. Alterne para a janela insegura e repita. Depois de um tempo, pare.</para> + </step> + + <step> + <para>Agora execute o <link linkend="code">MUST</link> nos pacotes capturados. Você deve ver algo como o seguinte. O importante é notar que a conexão segura tem 93% (6,7) do valor esperado (7,18), e a conexão <quote>normal</quote> tem 29% (2,1) do valor esperado.</para> + + <screen><prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput> +<prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput> + +Uliscan 21 Dec 98 +L=8 256 258560 +Measuring file ipsecdemo.bin +Init done +Expected value for L=8 is 7.1836656 +6.9396 -------------------------------------------------------- +6.6177 ----------------------------------------------------- +6.4100 --------------------------------------------------- +2.1101 ----------------- +2.0838 ----------------- +2.0983 -----------------</screen> + </step> + </procedure> + </sect1> + + <sect1 xml:id="caveat"> + <title>Embargo</title> + + <para>Esta experiência mostra que o IPsec <emphasis>parece</emphasis> estar distribuindo os dados de carga <emphasis>uniformemente</emphasis>, como a criptografia deveria. No entanto, o experimento descrito aqui <emphasis>não pode</emphasis> detectar muitas das falhas possíveis em um sistema (nenhum dos quais eu tenho qualquer evidência para). Estes incluem geração ou troca deficiente de chaves, dados ou chaves sendo visíveis para outros, uso de algoritmos fracos, subversão do kernel, etc. Estude a fonte; conheça o código.</para> + </sect1> + + <sect1 xml:id="IPsec"> + <title>IPsec --- Definição</title> + + <para>Extensões de segurança do protocolo Internet para o IPv4; obrigatório para o IPv6. Um protocolo para negociar criptografia e autenticação no nível IP (host para host). O SSL protege apenas um soquete de aplicativo; O <application>SSH</application> protege apenas um login;<application>PGP</application> protege apenas um arquivo ou mensagem especifico. O IPsec criptografa tudo entre dois hosts.</para> + </sect1> + + <sect1 xml:id="ipsec-install"> + <title>Instalando o IPsec</title> + + <para>A maioria das versões modernas do FreeBSD tem suporte a IPsec em sua fonte base. Portanto, você precisará incluir a opção <option>IPSEC</option> em sua configuração de kernel e, após a reconstrução e reinstalação do kernel, configurar as conexões IPsec usando o comando <citerefentry><refentrytitle>setkey</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + + <para>Um guia completo sobre como executar o IPsec no FreeBSD é fornecido no <link xlink:href="@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/ipsec.html">Handbook do FreeBSD</link>.</para> + </sect1> + + <sect1 xml:id="kernel"> + <title>src/sys/i386/conf/KERNELNAME</title> + + <para>Isto precisa estar presente no arquivo de configuração do kernel para habilitar o suporte para captura de dados de rede com o <citerefentry><refentrytitle>tcpdump</refentrytitle> <manvolnum>1</manvolnum></citerefentry>. Certifique-se de executar o <citerefentry><refentrytitle>config</refentrytitle><manvolnum>8</manvolnum> </citerefentry> depois de adicionar a linha, de recompilar e de reinstalar.</para> + + <programlisting>device bpf</programlisting> + </sect1> + + <sect1 xml:id="code"> + <title>Teste Estatístico Universal de Maurer (para tamanho de bloco = 8 bits)</title> + + <para xml:lang="en">You can find the same code at <link xlink:href="https://web.archive.org/web/20031204230654/http://www.geocities.com:80/SiliconValley/Code/4704/uliscanc.txt">; + this link</link>.</para> + +<programlisting>/* + ULISCAN.c ---blocksize of 8 + + 1 Oct 98 + 1 Dec 98 + 21 Dec 98 uliscan.c derived from ueli8.c + + This version has // comments removed for Sun cc + + This implements Ueli M Maurer's "Universal Statistical Test for Random + Bit Generators" using L=8 + + Accepts a filename on the command line; writes its results, with other + info, to stdout. + + Handles input file exhaustion gracefully. + + Ref: J. Cryptology v 5 no 2, 1992 pp 89-105 + also on the web somewhere, which is where I found it. + + -David Honig + honig@sprynet.com + + Usage: + ULISCAN filename + outputs to stdout +*/ + +#define L 8 +#define V (1<<L) +#define Q (10*V) +#define K (100 *Q) +#define MAXSAMP (Q + K) + +#include <stdio.h> +#include <math.h> + +int main(argc, argv) +int argc; +char **argv; +{ + FILE *fptr; + int i,j; + int b, c; + int table[V]; + double sum = 0.0; + int iproduct = 1; + int run; + + extern double log(/* double x */); + + printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP); + + if (argc < 2) { + printf("Usage: Uliscan filename\n"); + exit(-1); + } else { + printf("Measuring file %s\n", argv[1]); + } + + fptr = fopen(argv[1],"rb"); + + if (fptr == NULL) { + printf("Can't find %s\n", argv[1]); + exit(-1); + } + + for (i = 0; i < V; i++) { + table[i] = 0; + } + + for (i = 0; i < Q; i++) { + b = fgetc(fptr); + table[b] = i; + } + + printf("Init done\n"); + + printf("Expected value for L=8 is 7.1836656\n"); + + run = 1; + + while (run) { + sum = 0.0; + iproduct = 1; + + if (run) + for (i = Q; run && i < Q + K; i++) { + j = i; + b = fgetc(fptr); + + if (b < 0) + run = 0; + + if (run) { + if (table[b] > j) + j += K; + + sum += log((double)(j-table[b])); + + table[b] = i; + } + } + + if (!run) + printf("Premature end of file; read %d blocks.\n", i - Q); + + sum = (sum/((double)(i - Q))) / log(2.0); + printf("%4.4f ", sum); + + for (i = 0; i < (int)(sum*8.0 + 0.50); i++) + printf("-"); + + printf("\n"); + + /* refill initial table */ + if (0) { + for (i = 0; i < Q; i++) { + b = fgetc(fptr); + if (b < 0) { + run = 0; + } else { + table[b] = i; + } + } + } + } +}</programlisting> + </sect1> +</article> Added: head/pt_BR.ISO8859-1/articles/ipsec-must/pt_BR.po ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/pt_BR.ISO8859-1/articles/ipsec-must/pt_BR.po Thu Sep 6 00:40:24 2018 (r52219) @@ -0,0 +1,697 @@ +# $FreeBSD$ +# Danilo G. Baio <dbaio@FreeBSD.org>, 2018. #zanata +# Edson Brandi <ebrandi@FreeBSD.org>, 2018. #zanata +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2018-09-06 00:38+0000\n" +"PO-Revision-Date: 2018-09-02 03:03+0000\n" +"Last-Translator: Mauro Risonho de Paula Assumpção <mauro.risonho@gmail.com>\n" +"Language-Team: \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Zanata 4.6.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Put one translator per line, in the form NAME <EMAIL>, YEAR1, YEAR2 +msgctxt "_" +msgid "translator-credits" +msgstr "" +"Edson Brandi, ebrandi@FreeBSD.org, 2018\n" +"Danilo G. Baio, dbaio@FreeBSD.org, 2018" + +#. (itstool) path: info/title +#: article.translate.xml:9 +msgid "Independent Verification of IPsec Functionality in FreeBSD" +msgstr "Verificação Independente da Funcionalidade IPsec no FreeBSD" + +#. (itstool) path: affiliation/address +#: article.translate.xml:13 +#, no-wrap +msgid "<email>honig@sprynet.com</email>" +msgstr "<email>honig@sprynet.com</email>" + +#. (itstool) path: info/author +#: article.translate.xml:12 +msgid "" +"<personname><firstname>David</firstname><surname>Honig</surname></" +"personname><affiliation> <_:address-1/> </affiliation>" +msgstr "" +"<personname><firstname>David</firstname><surname>Honig</surname></" +"personname><affiliation> <_:address-1/> </affiliation>" + +#. (itstool) path: info/pubdate +#: article.translate.xml:16 +msgid "1999-05-03" +msgstr "1999-05-03" + +#. (itstool) path: legalnotice/para +#: article.translate.xml:19 +msgid "FreeBSD is a registered trademark of the FreeBSD Foundation." +msgstr "FreeBSD is a registered trademark of the FreeBSD Foundation." + +#. (itstool) path: legalnotice/para +#: article.translate.xml:21 +msgid "" +"Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " +"Open Group are trademarks of The Open Group in the United States and other " +"countries." +msgstr "" +"Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " +"Open Group are trademarks of The Open Group in the United States and other " +"countries." + +#. (itstool) path: legalnotice/para +#: article.translate.xml:25 +msgid "" +"Many of the designations used by manufacturers and sellers to distinguish " +"their products are claimed as trademarks. Where those designations appear in " +"this document, and the FreeBSD Project was aware of the trademark claim, the " +"designations have been followed by the <quote>™</quote> or the <quote>®</" +"quote> symbol." +msgstr "" +"Many of the designations used by manufacturers and sellers to distinguish " +"their products are claimed as trademarks. Where those designations appear in " +"this document, and the FreeBSD Project was aware of the trademark claim, the " +"designations have been followed by the <quote>™</quote> or the <quote>®</" +"quote> symbol." + +#. (itstool) path: info/releaseinfo +#: article.translate.xml:33 +msgid "" +"$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 44703 " +"2014-04-29 21:06:07Z wblock $" +msgstr "" +"$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 44703 " +"2014-04-29 21:06:07Z wblock $" + +#. (itstool) path: abstract/para +#: article.translate.xml:36 +msgid "" +"You installed IPsec and it seems to be working. How do you know? I describe " +"a method for experimentally verifying that IPsec is working." +msgstr "" +"Você instalou o IPsec e ele parece estar funcionando. Como você sabe? Eu " +"descrevo um método para verificar experimentalmente se o IPsec está " +"funcionando." + +#. (itstool) path: sect1/title +#: article.translate.xml:43 +msgid "The Problem" +msgstr "O problema" + +#. (itstool) path: sect1/para +#: article.translate.xml:45 +msgid "" +"First, lets assume you have <link linkend=\"ipsec-install\"> installed " +"<emphasis>IPsec</emphasis></link>. How do you know it is <link linkend=" +"\"caveat\">working</link>? Sure, your connection will not work if it is " +"misconfigured, and it will work when you finally get it right. " +"<citerefentry><refentrytitle>netstat</refentrytitle><manvolnum>1</" +"manvolnum></citerefentry> will list it. But can you independently confirm it?" +msgstr "" +"Primeiro, vamos assumir que você tem o <link linkend=\"ipsec-install" +"\"><emphasis>IPsec</emphasis> instalado </link>. Como você sabe que ele está " +"<link linkend=\"caveat\">funcionando</link>? Claro, sua conexão não " +"funcionará se ele estiver mal configurado, e funcionará quando você " +"finalmente acertar a configuração. O <citerefentry> <refentrytitle>netstat</" +"refentrytitle><manvolnum>1</manvolnum></citerefentry>irá listá-lo. Mas você " +"pode confirmar isso de forma independente?" + +#. (itstool) path: sect1/title +#: article.translate.xml:54 +msgid "The Solution" +msgstr "A solução" + +#. (itstool) path: sect1/para +#: article.translate.xml:56 +msgid "First, some crypto-relevant info theory:" +msgstr "" +"Em primeiro lugar, vejamos alguma informação teórica relevante em relação à " +"criptografia:" + +#. (itstool) path: listitem/para +#: article.translate.xml:60 +msgid "" +"Encrypted data is uniformly distributed, i.e., has maximal entropy per " +"symbol;" +msgstr "" +"Dados criptografados são uniformemente distribuídos, ou seja, possuem " +"entropia máxima por símbolo;" + +#. (itstool) path: listitem/para +#: article.translate.xml:65 +msgid "" +"Raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy." +msgstr "" +"Os dados brutos, não comprimidos são tipicamente redundantes, isto é, " +"possuem entropia submáxima." + +#. (itstool) path: sect1/para +#: article.translate.xml:70 +msgid "" +"Suppose you could measure the entropy of the data to- and from- your network " +"interface. Then you could see the difference between unencrypted data and " +"encrypted data. This would be true even if some of the data in " +"<quote>encrypted mode</quote> was not encrypted---as the outermost IP header " +"must be if the packet is to be routable." +msgstr "" +"Suponha que você possa medir a entropia dos dados destinados para a sua " +"interface de rede e também dos dados originados dela. Então você pode ver a " +"diferença entre dados não criptografados e dados criptografados. Isso seria " +"verdade mesmo que alguns dos dados no <quote>modo criptografado</quote> não " +"estivessem criptografados --- como deve o cabeçalho IP mais externo para que " +"o pacote seja roteável." + +#. (itstool) path: sect2/title +#: article.translate.xml:78 +msgid "MUST" +msgstr "MUST" + +#. (itstool) path: sect2/para +#: article.translate.xml:80 +#, fuzzy +msgid "" +"Ueli Maurer's <quote>Universal Statistical Test for Random Bit Generators</" +"quote>(<link xlink:href=\"https://web.archive.org/web/20011115002319/http://" +"www.geocities.com/SiliconValley/Code/4704/universal.pdf\"> <acronym>MUST</" +"acronym></link>) quickly measures the entropy of a sample. It uses a " +"compression-like algorithm. <link linkend=\"code\">The code is given below</" +"link> for a variant which measures successive (~quarter megabyte) chunks of " +"a file." +msgstr "" +"O teste de <quote>Estatística Universal para Geradores de Bits Aleatórios</" +"quote> de Ueli Maurer (<link xlink:href=\"http://www.geocities.com/" +"SiliconValley/Code/4704/universal.pdf\"><acronym>MUST</acronym> </link>) " +"mede rapidamente a entropia de uma amostra. Ele usa um algoritmo semelhante " +"à compressão. <link linkend=\"code\"> O código é dado abaixo</link> para uma " +"variante que mede partes sucessivas (~quarto de megabyte) de um arquivo." + +#. (itstool) path: sect2/title +#: article.translate.xml:89 +msgid "Tcpdump" +msgstr "Tcpdump" + +#. (itstool) path: sect2/para +#: article.translate.xml:91 +msgid "" +"We also need a way to capture the raw network data. A program called " +"<citerefentry><refentrytitle>tcpdump</refentrytitle><manvolnum>1</" +"manvolnum></citerefentry> lets you do this, if you have enabled the " +"<emphasis>Berkeley Packet Filter</emphasis> interface in your <link linkend=" +"\"kernel\">kernel's config file</link>." +msgstr "" +"Também precisamos de uma maneira de capturar os dados brutos da rede. Um " +"programa chamado <citerefentry><refentrytitle>tcpdump</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> permite que você faça isso, se você " +"ativou a interface <emphasis>Berkeley Packet Filter</emphasis> no seu <link " +"linkend=\"kernel\">arquivo de configuração do kernel</link>." + +#. (itstool) path: sect2/para +#: article.translate.xml:97 +msgid "The command:" +msgstr "O comando:" + +#. (itstool) path: sect2/screen +#: article.translate.xml:99 +#, no-wrap +msgid "<userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput>" +msgstr "<userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput>" + +#. (itstool) path: sect2/para +#: article.translate.xml:101 +msgid "" +"will capture 4000 raw packets to <replaceable>dumpfile.bin</replaceable>. Up " +"to 10,000 bytes per packet will be captured in this example." +msgstr "" +"irá capturar 4000 pacotes brutos no arquivo <replaceable>dumpfile.bin</" +"replaceable>. Até 10.000 bytes por pacote serão capturados neste exemplo." + +#. (itstool) path: sect1/title +#: article.translate.xml:108 +msgid "The Experiment" +msgstr "O Experimento" + +#. (itstool) path: sect1/para +#: article.translate.xml:110 +msgid "Here is the experiment:" +msgstr "Aqui está o experimento:" + +#. (itstool) path: step/para +#: article.translate.xml:114 +msgid "Open a window to an IPsec host and another window to an insecure host." +msgstr "" +"Abra uma janela para um host IPsec e outra janela para um host inseguro." + +#. (itstool) path: step/para +#: article.translate.xml:119 +msgid "Now start <link linkend=\"tcpdump\">capturing packets</link>." +msgstr "Agora comece a <link linkend=\"tcpdump\">capturar os pacotes</link>." + +#. (itstool) path: step/para +#: article.translate.xml:124 +msgid "" +"In the <quote>secure</quote> window, run the <trademark class=\"registered" +"\">UNIX</trademark> command <citerefentry><refentrytitle>yes</" +"refentrytitle><manvolnum>1</manvolnum></citerefentry>, which will stream the " +"<literal>y</literal> character. After a while, stop this. Switch to the " +"insecure window, and repeat. After a while, stop." +msgstr "" +"Na janela <quote>segura</quote>, execute o comando <trademark class=" +"\"registered\">UNIX</trademark> <citerefentry><refentrytitle>yes</" +"refentrytitle><manvolnum>1</manvolnum></citerefentry>, que transmitirá o " +"caractere <literal>y</literal>. Depois de um tempo, pare com isso. Alterne " +"para a janela insegura e repita. Depois de um tempo, pare." + +#. (itstool) path: step/para +#: article.translate.xml:131 +msgid "" +"Now run <link linkend=\"code\">MUST</link> on the captured packets. You " +"should see something like the following. The important thing to note is that " +"the secure connection has 93% (6.7) of the expected value (7.18), and the " +"<quote>normal</quote> connection has 29% (2.1) of the expected value." +msgstr "" +"Agora execute o <link linkend=\"code\">MUST</link> nos pacotes capturados. " +"Você deve ver algo como o seguinte. O importante é notar que a conexão " +"segura tem 93% (6,7) do valor esperado (7,18), e a conexão <quote>normal</" +"quote> tem 29% (2,1) do valor esperado." + +#. (itstool) path: step/screen +#: article.translate.xml:138 +#, no-wrap +msgid "" +"<prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput>\n" +"<prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput>\n" +"\n" +"Uliscan 21 Dec 98\n" +"L=8 256 258560\n" +"Measuring file ipsecdemo.bin\n" +"Init done\n" +"Expected value for L=8 is 7.1836656\n" +"6.9396 --------------------------------------------------------\n" +"6.6177 -----------------------------------------------------\n" +"6.4100 ---------------------------------------------------\n" +"2.1101 -----------------\n" +"2.0838 -----------------\n" +"2.0983 -----------------" +msgstr "" +"<prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput>\n" +"<prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput>\n" +"\n" +"Uliscan 21 Dec 98\n" +"L=8 256 258560\n" +"Measuring file ipsecdemo.bin\n" +"Init done\n" +"Expected value for L=8 is 7.1836656\n" +"6.9396 --------------------------------------------------------\n" +"6.6177 -----------------------------------------------------\n" +"6.4100 ---------------------------------------------------\n" +"2.1101 -----------------\n" +"2.0838 -----------------\n" +"2.0983 -----------------" + +#. (itstool) path: sect1/title +#: article.translate.xml:157 +msgid "Caveat" +msgstr "Embargo" + +#. (itstool) path: sect1/para +#: article.translate.xml:159 +msgid "" +"This experiment shows that IPsec <emphasis>does</emphasis> seem to be " +"distributing the payload data <emphasis>uniformly</emphasis>, as encryption " +"should. However, the experiment described here <emphasis>cannot</emphasis> " +"detect many possible flaws in a system (none of which do I have any evidence " +"for). These include poor key generation or exchange, data or keys being " +"visible to others, use of weak algorithms, kernel subversion, etc. Study the " +"source; know the code." +msgstr "" +"Esta experiência mostra que o IPsec <emphasis>parece</emphasis> estar " +"distribuindo os dados de carga <emphasis>uniformemente</emphasis>, como a " +"criptografia deveria. No entanto, o experimento descrito aqui <emphasis>não " +"pode</emphasis> detectar muitas das falhas possíveis em um sistema (nenhum " +"dos quais eu tenho qualquer evidência para). Estes incluem geração ou troca " +"deficiente de chaves, dados ou chaves sendo visíveis para outros, uso de " +"algoritmos fracos, subversão do kernel, etc. Estude a fonte; conheça o " +"código." + +#. (itstool) path: sect1/title +#: article.translate.xml:171 +msgid "IPsec---Definition" +msgstr "IPsec --- Definição" + +#. (itstool) path: sect1/para +#: article.translate.xml:173 +msgid "" +"Internet Protocol security extensions to IPv4; required for IPv6. A protocol " +"for negotiating encryption and authentication at the IP (host-to-host) " +"level. SSL secures only one application socket; <application>SSH</" +"application> secures only a login; <application>PGP</application> secures " +"only a specified file or message. IPsec encrypts everything between two " +"hosts." +msgstr "" +"Extensões de segurança do protocolo Internet para o IPv4; obrigatório para o " +"IPv6. Um protocolo para negociar criptografia e autenticação no nível IP " +"(host para host). O SSL protege apenas um soquete de aplicativo; O " +"<application>SSH</application> protege apenas um login;<application>PGP</" +"application> protege apenas um arquivo ou mensagem especifico. O IPsec " +"criptografa tudo entre dois hosts." + +#. (itstool) path: sect1/title +#: article.translate.xml:182 +msgid "Installing IPsec" +msgstr "Instalando o IPsec" + +#. (itstool) path: sect1/para +#: article.translate.xml:184 +msgid "" +"Most of the modern versions of FreeBSD have IPsec support in their base " +"source. So you will need to include the <option>IPSEC</option> option in " +"your kernel config and, after kernel rebuild and reinstall, configure IPsec " +"connections using <citerefentry><refentrytitle>setkey</" +"refentrytitle><manvolnum>8</manvolnum></citerefentry> command." +msgstr "" +"A maioria das versões modernas do FreeBSD tem suporte a IPsec em sua fonte " +"base. Portanto, você precisará incluir a opção <option>IPSEC</option> em sua " +"configuração de kernel e, após a reconstrução e reinstalação do kernel, " +"configurar as conexões IPsec usando o comando " +"<citerefentry><refentrytitle>setkey</refentrytitle><manvolnum>8</manvolnum></" +"citerefentry>." + +#. (itstool) path: sect1/para +#: article.translate.xml:190 +msgid "" +"A comprehensive guide on running IPsec on FreeBSD is provided in <link xlink:" +"href=\"@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/ipsec.html" +"\">FreeBSD Handbook</link>." +msgstr "" +"Um guia completo sobre como executar o IPsec no FreeBSD é fornecido no <link " +"xlink:href=\"@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/ipsec.html" +"\">Handbook do FreeBSD</link>." + +#. (itstool) path: sect1/title +#: article.translate.xml:196 +msgid "src/sys/i386/conf/KERNELNAME" +msgstr "src/sys/i386/conf/KERNELNAME" + +#. (itstool) path: sect1/para +#: article.translate.xml:198 +msgid "" +"This needs to be present in the kernel config file in order to capture " +"network data with <citerefentry><refentrytitle>tcpdump</" +"refentrytitle><manvolnum>1</manvolnum></citerefentry>. Be sure to run " +"<citerefentry><refentrytitle>config</refentrytitle><manvolnum>8</manvolnum></" +"citerefentry> after adding this, and rebuild and reinstall." +msgstr "" +"Isto precisa estar presente no arquivo de configuração do kernel para " +"habilitar o suporte para captura de dados de rede com o " +"<citerefentry><refentrytitle>tcpdump</refentrytitle> <manvolnum>1</" +"manvolnum></citerefentry>. Certifique-se de executar o " +"<citerefentry><refentrytitle>config</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry> depois de adicionar a linha, de recompilar e de reinstalar." + +#. (itstool) path: sect1/programlisting +#: article.translate.xml:203 +#, no-wrap +msgid "device\tbpf" +msgstr "device\tbpf" + +#. (itstool) path: sect1/title +#: article.translate.xml:207 +msgid "Maurer's Universal Statistical Test (for block size=8 bits)" +msgstr "Teste Estatístico Universal de Maurer (para tamanho de bloco = 8 bits)" + +#. (itstool) path: sect1/para +#: article.translate.xml:210 +#, fuzzy +msgid "" +"You can find the same code at <link xlink:href=\"https://web.archive.org/" +"web/20031204230654/http://www.geocities.com:80/SiliconValley/Code/4704/" +"uliscanc.txt\"> this link</link>." +msgstr "" +"Você pode encontrar o mesmo código em <link xlink:href=\"http://www." +"geocities.com/SiliconValley/Code/4704/uliscanc.txt\">neste link</link>." + +#. (itstool) path: sect1/programlisting +#: article.translate.xml:213 +#, no-wrap +msgid "" +"/*\n" +" ULISCAN.c ---blocksize of 8\n" +"\n" +" 1 Oct 98\n" +" 1 Dec 98\n" +" 21 Dec 98 uliscan.c derived from ueli8.c\n" +"\n" +" This version has // comments removed for Sun cc\n" +"\n" +" This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" +" Bit Generators\" using L=8\n" +"\n" +" Accepts a filename on the command line; writes its results, with other\n" +" info, to stdout.\n" +"\n" +" Handles input file exhaustion gracefully.\n" +"\n" +" Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" +" also on the web somewhere, which is where I found it.\n" +"\n" +" -David Honig\n" +" honig@sprynet.com\n" +"\n" +" Usage:\n" +" ULISCAN filename\n" +" outputs to stdout\n" +"*/\n" +"\n" +"#define L 8\n" +"#define V (1<<L)\n" +"#define Q (10*V)\n" +"#define K (100 *Q)\n" +"#define MAXSAMP (Q + K)\n" +"\n" +"#include <stdio.h>\n" +"#include <math.h>\n" +"\n" +"int main(argc, argv)\n" +"int argc;\n" +"char **argv;\n" +"{\n" +" FILE *fptr;\n" +" int i,j;\n" +" int b, c;\n" +" int table[V];\n" +" double sum = 0.0;\n" +" int iproduct = 1;\n" +" int run;\n" +"\n" +" extern double log(/* double x */);\n" +"\n" +" printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" +"\n" +" if (argc < 2) {\n" +" printf(\"Usage: Uliscan filename\\n\");\n" +" exit(-1);\n" +" } else {\n" +" printf(\"Measuring file %s\\n\", argv[1]);\n" +" }\n" +"\n" +" fptr = fopen(argv[1],\"rb\");\n" +"\n" +" if (fptr == NULL) {\n" +" printf(\"Can't find %s\\n\", argv[1]);\n" +" exit(-1);\n" +" }\n" +"\n" +" for (i = 0; i < V; i++) {\n" +" table[i] = 0;\n" +" }\n" +"\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" table[b] = i;\n" +" }\n" +"\n" +" printf(\"Init done\\n\");\n" +"\n" +" printf(\"Expected value for L=8 is 7.1836656\\n\");\n" +"\n" +" run = 1;\n" +"\n" +" while (run) {\n" +" sum = 0.0;\n" +" iproduct = 1;\n" +"\n" +" if (run)\n" +" for (i = Q; run && i < Q + K; i++) {\n" +" j = i;\n" +" b = fgetc(fptr);\n" +"\n" +" if (b < 0)\n" +" run = 0;\n" +"\n" +" if (run) {\n" +" if (table[b] > j)\n" +" j += K;\n" +"\n" +" sum += log((double)(j-table[b]));\n" +"\n" +" table[b] = i;\n" +" }\n" +" }\n" +"\n" +" if (!run)\n" +" printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" +"\n" +" sum = (sum/((double)(i - Q))) / log(2.0);\n" +" printf(\"%4.4f \", sum);\n" +"\n" +" for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" +" printf(\"-\");\n" +"\n" +" printf(\"\\n\");\n" +"\n" +" /* refill initial table */\n" +" if (0) {\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" if (b < 0) {\n" +" run = 0;\n" +" } else {\n" +" table[b] = i;\n" +" }\n" +" }\n" +" }\n" +" }\n" +"}" +msgstr "" +"/*\n" +" ULISCAN.c ---blocksize of 8\n" +"\n" +" 1 Oct 98\n" +" 1 Dec 98\n" +" 21 Dec 98 uliscan.c derived from ueli8.c\n" +"\n" +" This version has // comments removed for Sun cc\n" +"\n" +" This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" +" Bit Generators\" using L=8\n" +"\n" +" Accepts a filename on the command line; writes its results, with other\n" +" info, to stdout.\n" +"\n" +" Handles input file exhaustion gracefully.\n" +"\n" +" Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" +" also on the web somewhere, which is where I found it.\n" +"\n" +" -David Honig\n" +" honig@sprynet.com\n" +"\n" +" Usage:\n" +" ULISCAN filename\n" +" outputs to stdout\n" +"*/\n" +"\n" +"#define L 8\n" +"#define V (1<<L)\n" +"#define Q (10*V)\n" +"#define K (100 *Q)\n" +"#define MAXSAMP (Q + K)\n" +"\n" +"#include <stdio.h>\n" +"#include <math.h>\n" +"\n" +"int main(argc, argv)\n" +"int argc;\n" +"char **argv;\n" +"{\n" +" FILE *fptr;\n" +" int i,j;\n" +" int b, c;\n" +" int table[V];\n" +" double sum = 0.0;\n" +" int iproduct = 1;\n" +" int run;\n" +"\n" +" extern double log(/* double x */);\n" +"\n" +" printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" +"\n" +" if (argc < 2) {\n" +" printf(\"Usage: Uliscan filename\\n\");\n" +" exit(-1);\n" +" } else {\n" +" printf(\"Measuring file %s\\n\", argv[1]);\n" +" }\n" +"\n" +" fptr = fopen(argv[1],\"rb\");\n" +"\n" +" if (fptr == NULL) {\n" +" printf(\"Can't find %s\\n\", argv[1]);\n" +" exit(-1);\n" +" }\n" +"\n" +" for (i = 0; i < V; i++) {\n" +" table[i] = 0;\n" +" }\n" +"\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" table[b] = i;\n" +" }\n" +"\n" +" printf(\"Init done\\n\");\n" +"\n" +" printf(\"Expected value for L=8 is 7.1836656\\n\");\n" +"\n" +" run = 1;\n" +"\n" +" while (run) {\n" +" sum = 0.0;\n" +" iproduct = 1;\n" +"\n" +" if (run)\n" +" for (i = Q; run && i < Q + K; i++) {\n" +" j = i;\n" +" b = fgetc(fptr);\n" +"\n" +" if (b < 0)\n" +" run = 0;\n" +"\n" +" if (run) {\n" +" if (table[b] > j)\n" +" j += K;\n" +"\n" +" sum += log((double)(j-table[b]));\n" +"\n" +" table[b] = i;\n" +" }\n" +" }\n" +"\n" +" if (!run)\n" +" printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" +"\n" +" sum = (sum/((double)(i - Q))) / log(2.0);\n" +" printf(\"%4.4f \", sum);\n" +"\n" +" for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" +" printf(\"-\");\n" +"\n" +" printf(\"\\n\");\n" +"\n" +" /* refill initial table */\n" +" if (0) {\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" if (b < 0) {\n" *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809060040.w860eO5a083102>