FreeBSD Doc/articles_ipsec-must — Portuguese (Brazil) @ Weblate: This experiment shows that IPsec <emphasis>does</emphasis> seem to be distributing …

The translation is temporarily closed for contributions due to maintenance, please come back later.

Translation

Content

Source string comment (itstool) path: sect1/para

English

This experiment shows that IPsec <emphasis>does</emphasis> seem to be distributing the payload data <emphasis>uniformly</emphasis>, as encryption should. However, the experiment described here <emphasis>cannot</emphasis> detect many possible flaws in a system (none of which do I have any evidence for). These include poor key generation or exchange, data or keys being visible to others, use of weak algorithms, kernel subversion, etc. Study the source; know the code.

Portuguese (Brazil)

Needs editing

Context	English	Portuguese (Brazil)	State
	MUST	MUST
	Ueli Maurer's <quote>Universal Statistical Test for Random Bit Generators</quote>(<link xlink:href="https://web.archive.org/web/20011115002319/http://www.geocities.com/SiliconValley/Code/4704/universal.pdf"> <acronym>MUST</acronym></link>) quickly measures the entropy of a sample. It uses a compression-like algorithm. <link linkend="code">The code is given below</link> for a variant which measures successive (~quarter megabyte) chunks of a file.	O teste de <quote>Estatística Universal para Geradores de Bits Aleatórios</quote> de Ueli Maurer (<link xlink:href="https://web.archive.org/web/20011115002319/http://www.geocities.com/SiliconValley/Code/4704/universal.pdf"><acronym>MUST</acronym> </link>) mede rapidamente a entropia de uma amostra. Ele usa um algoritmo semelhante à compressão. <link linkend="code"> O código é dado abaixo</link> para uma variante que mede partes sucessivas (aproximadamente um quarto de megabyte) de um arquivo.
	Tcpdump	Tcpdump
	We also need a way to capture the raw network data. A program called <citerefentry><refentrytitle>tcpdump</refentrytitle><manvolnum>1</manvolnum></citerefentry> lets you do this, if you have enabled the <emphasis>Berkeley Packet Filter</emphasis> interface in your <link linkend="kernel">kernel's config file</link>.	Também precisamos de uma maneira de capturar os dados brutos da rede. Um programa chamado <citerefentry><refentrytitle>tcpdump</refentrytitle> <manvolnum>1</manvolnum></citerefentry> permite que você faça isso, se você ativou a interface <emphasis>Berkeley Packet Filter</emphasis> no seu <link linkend="kernel">arquivo de configuração do kernel</link>.
	The command:	O comando:
	<userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput>	<userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput>
	will capture 4000 raw packets to <replaceable>dumpfile.bin</replaceable>. Up to 10,000 bytes per packet will be captured in this example.	irá capturar 4000 pacotes brutos no arquivo <replaceable>dumpfile.bin</replaceable>. Até 10.000 bytes por pacote serão capturados neste exemplo.
	The Experiment	O Experimento
	Here is the experiment:	Aqui está o experimento:
	Open a window to an IPsec host and another window to an insecure host.	Abra uma janela para um host IPsec e outra janela para um host inseguro.
	Now start <link linkend="tcpdump">capturing packets</link>.	Agora comece a <link linkend="tcpdump">capturar os pacotes</link>.
	In the <quote>secure</quote> window, run the <trademark class="registered">UNIX</trademark> command <citerefentry><refentrytitle>yes</refentrytitle><manvolnum>1</manvolnum></citerefentry>, which will stream the <literal>y</literal> character. After a while, stop this. Switch to the insecure window, and repeat. After a while, stop.	Na janela <quote>segura</quote>, execute o comando <trademark class="registered">UNIX</trademark> <citerefentry><refentrytitle>yes</refentrytitle><manvolnum>1</manvolnum></citerefentry>, que transmitirá o caractere <literal>y</literal>. Depois de um tempo, pare com isso. Alterne para a janela insegura e repita. Depois de um tempo, pare.
	Now run <link linkend="code">MUST</link> on the captured packets. You should see something like the following. The important thing to note is that the secure connection has 93% (6.7) of the expected value (7.18), and the <quote>normal</quote> connection has 29% (2.1) of the expected value.	Agora execute o <link linkend="code">MUST</link> nos pacotes capturados. Você deve ver algo como o seguinte. O importante é notar que a conexão segura tem 93% (6,7) do valor esperado (7,18), e a conexão <quote>normal</quote> tem 29% (2,1) do valor esperado.
	<prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput> <prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput> Uliscan 21 Dec 98 L=8 256 258560 Measuring file ipsecdemo.bin Init done Expected value for L=8 is 7.1836656 6.9396 -------------------------------------------------------- 6.6177 ----------------------------------------------------- 6.4100 --------------------------------------------------- 2.1101 ----------------- 2.0838 ----------------- 2.0983 -----------------	<prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput> <prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput> Uliscan 21 Dec 98 L=8 256 258560 Measuring file ipsecdemo.bin Init done Expected value for L=8 is 7.1836656 6.9396 -------------------------------------------------------- 6.6177 ----------------------------------------------------- 6.4100 --------------------------------------------------- 2.1101 ----------------- 2.0838 ----------------- 2.0983 -----------------
	Caveat	Embargo
	This experiment shows that IPsec <emphasis>does</emphasis> seem to be distributing the payload data <emphasis>uniformly</emphasis>, as encryption should. However, the experiment described here <emphasis>cannot</emphasis> detect many possible flaws in a system (none of which do I have any evidence for). These include poor key generation or exchange, data or keys being visible to others, use of weak algorithms, kernel subversion, etc. Study the source; know the code.	Esta experiência mostra que o IPsec <emphasis>parece</emphasis> estar distribuindo os dados de carga <emphasis>uniformemente</emphasis>, como a criptografia deveria. No entanto, o experimento descrito aqui <emphasis>não pode</emphasis> detectar muitas das falhas possíveis em um sistema (nenhum dos quais eu tenho qualquer evidência para). Estes incluem geração ou troca deficiente de chaves, dados ou chaves sendo visíveis para outros, uso de algoritmos fracos, subversão do kernel, etc. Estude a fonte; conheça o código.
	IPsec---Definition	IPsec --- Definição
	Internet Protocol security extensions to IPv4; required for IPv6. A protocol for negotiating encryption and authentication at the IP (host-to-host) level. SSL secures only one application socket; <application>SSH</application> secures only a login; <application>PGP</application> secures only a specified file or message. IPsec encrypts everything between two hosts.	Extensões de segurança do protocolo Internet para o IPv4; obrigatório para o IPv6. Um protocolo para negociar criptografia e autenticação no nível IP (host para host). O SSL protege apenas um soquete de aplicativo; O <application>SSH</application> protege apenas um login;<application>PGP</application> protege apenas um arquivo ou mensagem especifico. O IPsec criptografa tudo entre dois hosts.
	Installing IPsec	Instalando o IPsec
	Most of the modern versions of FreeBSD have IPsec support in their base source. So you will need to include the <option>IPSEC</option> option in your kernel config and, after kernel rebuild and reinstall, configure IPsec connections using <citerefentry><refentrytitle>setkey</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.	A maioria das versões modernas do FreeBSD tem suporte a IPsec em sua fonte base. Portanto, você precisará incluir a opção <option>IPSEC</option> em sua configuração de kernel e, após a reconstrução e reinstalação do kernel, configurar as conexões IPsec usando o comando <citerefentry><refentrytitle>setkey</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
	A comprehensive guide on running IPsec on FreeBSD is provided in <link xlink:href="@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/ipsec.html">FreeBSD Handbook</link>.	Um guia completo sobre como executar o IPsec no FreeBSD é fornecido no <link xlink:href="@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/ipsec.html">Handbook do FreeBSD</link>.
	src/sys/i386/conf/KERNELNAME	src/sys/i386/conf/KERNELNAME
	This needs to be present in the kernel config file in order to capture network data with <citerefentry><refentrytitle>tcpdump</refentrytitle><manvolnum>1</manvolnum></citerefentry>. Be sure to run <citerefentry><refentrytitle>config</refentrytitle><manvolnum>8</manvolnum></citerefentry> after adding this, and rebuild and reinstall.	Isto precisa estar presente no arquivo de configuração do kernel para habilitar o suporte para captura de dados de rede com o <citerefentry><refentrytitle>tcpdump</refentrytitle> <manvolnum>1</manvolnum></citerefentry>. Certifique-se de executar o <citerefentry><refentrytitle>config</refentrytitle><manvolnum>8</manvolnum> </citerefentry> depois de adicionar a linha, de recompilar e de reinstalar.
	device bpf	device bpf
	Maurer's Universal Statistical Test (for block size=8 bits)	Teste Estatístico Universal de Maurer (para tamanho de bloco = 8 bits)
	You can find the same code at <link xlink:href="https://web.archive.org/web/20031204230654/http://www.geocities.com:80/SiliconValley/Code/4704/uliscanc.txt"> this link</link>.	Você pode encontrar o mesmo código em <link xlink:href="https://web.archive.org/web/20031204230654/http://www.geocities.com:80/SiliconValley/Code/4704/uliscanc.txt">neste link</link>.
	/* ULISCAN.c ---blocksize of 8 1 Oct 98 1 Dec 98 21 Dec 98 uliscan.c derived from ueli8.c This version has // comments removed for Sun cc This implements Ueli M Maurer's "Universal Statistical Test for Random Bit Generators" using L=8 Accepts a filename on the command line; writes its results, with other info, to stdout. Handles input file exhaustion gracefully. Ref: J. Cryptology v 5 no 2, 1992 pp 89-105 also on the web somewhere, which is where I found it. -David Honig honig@sprynet.com Usage: ULISCAN filename outputs to stdout / #define L 8 #define V (1<<L) #define Q (10V) #define K (100 Q) #define MAXSAMP (Q + K) #include <stdio.h> #include <math.h> int main(argc, argv) int argc; char argv; { FILE fptr; int i,j; int b, c; int table[V]; double sum = 0.0; int iproduct = 1; int run; extern double log(/* double x /); printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP); if (argc < 2) { printf("Usage: Uliscan filename\n"); exit(-1); } else { printf("Measuring file %s\n", argv[1]); } fptr = fopen(argv[1],"rb"); if (fptr == NULL) { printf("Can't find %s\n", argv[1]); exit(-1); } for (i = 0; i < V; i++) { table[i] = 0; } for (i = 0; i < Q; i++) { b = fgetc(fptr); table[b] = i; } printf("Init done\n"); printf("Expected value for L=8 is 7.1836656\n"); run = 1; while (run) { sum = 0.0; iproduct = 1; if (run) for (i = Q; run && i < Q + K; i++) { j = i; b = fgetc(fptr); if (b < 0) run = 0; if (run) { if (table[b] > j) j += K; sum += log((double)(j-table[b])); table[b] = i; } } if (!run) printf("Premature end of file; read %d blocks.\n", i - Q); sum = (sum/((double)(i - Q))) / log(2.0); printf("%4.4f ", sum); for (i = 0; i < (int)(sum8.0 + 0.50); i++) printf("-"); printf("\n"); /* refill initial table */ if (0) { for (i = 0; i < Q; i++) { b = fgetc(fptr); if (b < 0) { run = 0; } else { table[b] = i; } } } } }	/* ULISCAN.c ---blocksize of 8 1 Oct 98 1 Dec 98 21 Dec 98 uliscan.c derived from ueli8.c This version has // comments removed for Sun cc This implements Ueli M Maurer's "Universal Statistical Test for Random Bit Generators" using L=8 Accepts a filename on the command line; writes its results, with other info, to stdout. Handles input file exhaustion gracefully. Ref: J. Cryptology v 5 no 2, 1992 pp 89-105 also on the web somewhere, which is where I found it. -David Honig honig@sprynet.com Usage: ULISCAN filename outputs to stdout / #define L 8 #define V (1<<L) #define Q (10V) #define K (100 Q) #define MAXSAMP (Q + K) #include <stdio.h> #include <math.h> int main(argc, argv) int argc; char argv; { FILE fptr; int i,j; int b, c; int table[V]; double sum = 0.0; int iproduct = 1; int run; extern double log(/* double x /); printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP); if (argc < 2) { printf("Usage: Uliscan filename\n"); exit(-1); } else { printf("Measuring file %s\n", argv[1]); } fptr = fopen(argv[1],"rb"); if (fptr == NULL) { printf("Can't find %s\n", argv[1]); exit(-1); } for (i = 0; i < V; i++) { table[i] = 0; } for (i = 0; i < Q; i++) { b = fgetc(fptr); table[b] = i; } printf("Init done\n"); printf("Expected value for L=8 is 7.1836656\n"); run = 1; while (run) { sum = 0.0; iproduct = 1; if (run) for (i = Q; run && i < Q + K; i++) { j = i; b = fgetc(fptr); if (b < 0) run = 0; if (run) { if (table[b] > j) j += K; sum += log((double)(j-table[b])); table[b] = i; } } if (!run) printf("Premature end of file; read %d blocks.\n", i - Q); sum = (sum/((double)(i - Q))) / log(2.0); printf("%4.4f ", sum); for (i = 0; i < (int)(sum8.0 + 0.50); i++) printf("-"); printf("\n"); /* refill initial table */ if (0) { for (i = 0; i < Q; i++) { b = fgetc(fptr); if (b < 0) { run = 0; } else { table[b] = i; } } } } }

Loading…

No matching activity found.

Browse all component changes

Glossary

English	Portuguese (Brazil)
No related strings found in the glossary.

Source information

Source string comment

(itstool) path: sect1/para

Source string location

article.translate.xml:159

String age

a year ago

Source string age

a year ago

Translation file

articles/pt_BR/ipsec-must.po, string 33