# $FreeBSD$ # Danilo G. Baio , 2018. #zanata # Edson Brandi , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2018-12-12 12:52+0000\n" "PO-Revision-Date: 2018-12-12 12:49+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Put one translator per line, in the form NAME , YEAR1, YEAR2 msgctxt "_" msgid "translator-credits" msgstr "" "Edson Brandi, ebrandi@FreeBSD.org, 2018\n" "Mauro Risonho de Paula Assumpção, mauro.risonho@gmail.com, 2018" #. (itstool) path: info/title #: article.translate.xml:9 msgid "Independent Verification of IPsec Functionality in FreeBSD" msgstr "Verificação Independente da Funcionalidade IPsec no FreeBSD" #. (itstool) path: affiliation/address #: article.translate.xml:13 #, no-wrap msgid "honig@sprynet.com" msgstr "honig@sprynet.com" #. (itstool) path: info/author #: article.translate.xml:12 msgid "" "DavidHonig <_:address-1/> " msgstr "" "DavidHonig <_:address-1/> " #. (itstool) path: info/pubdate #: article.translate.xml:16 msgid "1999-05-03" msgstr "1999-05-03" #. (itstool) path: legalnotice/para #: article.translate.xml:19 msgid "FreeBSD is a registered trademark of the FreeBSD Foundation." msgstr "FreeBSD is a registered trademark of the FreeBSD Foundation." #. (itstool) path: legalnotice/para #: article.translate.xml:21 msgid "" "Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " "Open Group are trademarks of The Open Group in the United States and other " "countries." msgstr "" "Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " "Open Group are trademarks of The Open Group in the United States and other " "countries." #. (itstool) path: legalnotice/para #: article.translate.xml:25 msgid "" "Many of the designations used by manufacturers and sellers to distinguish " "their products are claimed as trademarks. Where those designations appear in " "this document, and the FreeBSD Project was aware of the trademark claim, the " "designations have been followed by the ™ or the ® symbol." msgstr "" "Many of the designations used by manufacturers and sellers to distinguish " "their products are claimed as trademarks. Where those designations appear in " "this document, and the FreeBSD Project was aware of the trademark claim, the " "designations have been followed by the ™ or the ® symbol." #. (itstool) path: info/releaseinfo #: article.translate.xml:33 msgid "" "$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 52227 " "2018-09-06 01:30:47Z ebrandi $" msgstr "" "$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 52227 " "2018-09-06 01:30:47Z ebrandi $" #. (itstool) path: abstract/para #: article.translate.xml:36 msgid "" "You installed IPsec and it seems to be working. How do you know? I describe " "a method for experimentally verifying that IPsec is working." msgstr "" "Você instalou o IPsec e ele parece estar funcionando. Como você sabe? Eu " "descrevo um método para verificar experimentalmente se o IPsec está " "funcionando." #. (itstool) path: sect1/title #: article.translate.xml:43 msgid "The Problem" msgstr "O problema" #. (itstool) path: sect1/para #: article.translate.xml:45 msgid "" "First, lets assume you have installed " "IPsec. How do you know it is working? Sure, your connection will not work if it is " "misconfigured, and it will work when you finally get it right. " "netstat1 will list it. But can you independently confirm it?" msgstr "" "Primeiro, vamos assumir que você tem o IPsec instalado . Como você sabe que ele está " "funcionando? Claro, sua conexão não " "funcionará se ele estiver mal configurado, e funcionará quando você " "finalmente acertar a configuração. O netstat1irá listá-lo. Mas você " "pode confirmar isso de forma independente?" #. (itstool) path: sect1/title #: article.translate.xml:54 msgid "The Solution" msgstr "A solução" #. (itstool) path: sect1/para #: article.translate.xml:56 msgid "First, some crypto-relevant info theory:" msgstr "" "Em primeiro lugar, vejamos alguma informação teórica relevante em relação à " "criptografia:" #. (itstool) path: listitem/para #: article.translate.xml:60 msgid "" "Encrypted data is uniformly distributed, i.e., has maximal entropy per " "symbol;" msgstr "" "Dados criptografados são uniformemente distribuídos, ou seja, possuem " "entropia máxima por símbolo;" #. (itstool) path: listitem/para #: article.translate.xml:65 msgid "" "Raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy." msgstr "" "Os dados brutos, não comprimidos são tipicamente redundantes, isto é, " "possuem entropia submáxima." #. (itstool) path: sect1/para #: article.translate.xml:70 msgid "" "Suppose you could measure the entropy of the data to- and from- your network " "interface. Then you could see the difference between unencrypted data and " "encrypted data. This would be true even if some of the data in " "encrypted mode was not encrypted---as the outermost IP header " "must be if the packet is to be routable." msgstr "" "Suponha que você possa medir a entropia dos dados destinados para a sua " "interface de rede e também dos dados originados dela. Então você pode ver a " "diferença entre dados não criptografados e dados criptografados. Isso seria " "verdade mesmo que alguns dos dados no modo criptografado não " "estivessem criptografados --- como deve o cabeçalho IP mais externo para que " "o pacote seja roteável." #. (itstool) path: sect2/title #: article.translate.xml:78 msgid "MUST" msgstr "MUST" #. (itstool) path: sect2/para #: article.translate.xml:80 msgid "" "Ueli Maurer's Universal Statistical Test for Random Bit Generators( MUST) quickly measures the entropy of a sample. It uses a " "compression-like algorithm. The code is given below for a variant which measures successive (~quarter megabyte) chunks of " "a file." msgstr "" "O teste de Estatística Universal para Geradores de Bits Aleatórios de Ueli Maurer (MUST ) mede rapidamente a entropia " "de uma amostra. Ele usa um algoritmo semelhante à compressão. O código é dado abaixo para uma variante que mede partes " "sucessivas (aproximadamente um quarto de megabyte) de um arquivo." #. (itstool) path: sect2/title #: article.translate.xml:89 msgid "Tcpdump" msgstr "Tcpdump" #. (itstool) path: sect2/para #: article.translate.xml:91 msgid "" "We also need a way to capture the raw network data. A program called " "tcpdump1 lets you do this, if you have enabled the " "Berkeley Packet Filter interface in your kernel's config file." msgstr "" "Também precisamos de uma maneira de capturar os dados brutos da rede. Um " "programa chamado tcpdump " "1 permite que você faça isso, se você " "ativou a interface Berkeley Packet Filter no seu arquivo de configuração do kernel." #. (itstool) path: sect2/para #: article.translate.xml:97 msgid "The command:" msgstr "O comando:" #. (itstool) path: sect2/screen #: article.translate.xml:99 #, no-wrap msgid "tcpdump -c 4000 -s 10000 -w dumpfile.bin" msgstr "tcpdump -c 4000 -s 10000 -w dumpfile.bin" #. (itstool) path: sect2/para #: article.translate.xml:101 msgid "" "will capture 4000 raw packets to dumpfile.bin. Up " "to 10,000 bytes per packet will be captured in this example." msgstr "" "irá capturar 4000 pacotes brutos no arquivo dumpfile.bin. Até 10.000 bytes por pacote serão capturados neste exemplo." #. (itstool) path: sect1/title #: article.translate.xml:108 msgid "The Experiment" msgstr "O Experimento" #. (itstool) path: sect1/para #: article.translate.xml:110 msgid "Here is the experiment:" msgstr "Aqui está o experimento:" #. (itstool) path: step/para #: article.translate.xml:114 msgid "Open a window to an IPsec host and another window to an insecure host." msgstr "" "Abra uma janela para um host IPsec e outra janela para um host inseguro." #. (itstool) path: step/para #: article.translate.xml:119 msgid "Now start capturing packets." msgstr "Agora comece a capturar os pacotes." #. (itstool) path: step/para #: article.translate.xml:124 msgid "" "In the secure window, run the UNIX command yes1, which will stream the " "y character. After a while, stop this. Switch to the " "insecure window, and repeat. After a while, stop." msgstr "" "Na janela segura, execute o comando UNIX yes1, que transmitirá o " "caractere y. Depois de um tempo, pare com isso. Alterne " "para a janela insegura e repita. Depois de um tempo, pare." #. (itstool) path: step/para #: article.translate.xml:131 msgid "" "Now run MUST on the captured packets. You " "should see something like the following. The important thing to note is that " "the secure connection has 93% (6.7) of the expected value (7.18), and the " "normal connection has 29% (2.1) of the expected value." msgstr "" "Agora execute o MUST nos pacotes capturados. " "Você deve ver algo como o seguinte. O importante é notar que a conexão " "segura tem 93% (6,7) do valor esperado (7,18), e a conexão normal tem 29% (2,1) do valor esperado." #. (itstool) path: step/screen #: article.translate.xml:138 #, no-wrap msgid "" "% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin\n" "% uliscan ipsecdemo.bin\n" "\n" "Uliscan 21 Dec 98\n" "L=8 256 258560\n" "Measuring file ipsecdemo.bin\n" "Init done\n" "Expected value for L=8 is 7.1836656\n" "6.9396 --------------------------------------------------------\n" "6.6177 -----------------------------------------------------\n" "6.4100 ---------------------------------------------------\n" "2.1101 -----------------\n" "2.0838 -----------------\n" "2.0983 -----------------" msgstr "" "% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin\n" "% uliscan ipsecdemo.bin\n" "\n" "Uliscan 21 Dec 98\n" "L=8 256 258560\n" "Measuring file ipsecdemo.bin\n" "Init done\n" "Expected value for L=8 is 7.1836656\n" "6.9396 --------------------------------------------------------\n" "6.6177 -----------------------------------------------------\n" "6.4100 ---------------------------------------------------\n" "2.1101 -----------------\n" "2.0838 -----------------\n" "2.0983 -----------------" #. (itstool) path: sect1/title #: article.translate.xml:157 msgid "Caveat" msgstr "Embargo" #. (itstool) path: sect1/para #: article.translate.xml:159 msgid "" "This experiment shows that IPsec does seem to be " "distributing the payload data uniformly, as encryption " "should. However, the experiment described here cannot " "detect many possible flaws in a system (none of which do I have any evidence " "for). These include poor key generation or exchange, data or keys being " "visible to others, use of weak algorithms, kernel subversion, etc. Study the " "source; know the code." msgstr "" "Esta experiência mostra que o IPsec parece estar " "distribuindo os dados de carga uniformemente, como a " "criptografia deveria. No entanto, o experimento descrito aqui não " "pode detectar muitas das falhas possíveis em um sistema (nenhum " "dos quais eu tenho qualquer evidência para). Estes incluem geração ou troca " "deficiente de chaves, dados ou chaves sendo visíveis para outros, uso de " "algoritmos fracos, subversão do kernel, etc. Estude a fonte; conheça o " "código." #. (itstool) path: sect1/title #: article.translate.xml:171 msgid "IPsec---Definition" msgstr "IPsec --- Definição" #. (itstool) path: sect1/para #: article.translate.xml:173 msgid "" "Internet Protocol security extensions to IPv4; required for IPv6. A protocol " "for negotiating encryption and authentication at the IP (host-to-host) " "level. SSL secures only one application socket; SSH secures only a login; PGP secures " "only a specified file or message. IPsec encrypts everything between two " "hosts." msgstr "" "Extensões de segurança do protocolo Internet para o IPv4; obrigatório para o " "IPv6. Um protocolo para negociar criptografia e autenticação no nível IP " "(host para host). O SSL protege apenas um soquete de aplicativo; O " "SSH protege apenas um login;PGP protege apenas um arquivo ou mensagem especifico. O IPsec " "criptografa tudo entre dois hosts." #. (itstool) path: sect1/title #: article.translate.xml:182 msgid "Installing IPsec" msgstr "Instalando o IPsec" #. (itstool) path: sect1/para #: article.translate.xml:184 msgid "" "Most of the modern versions of FreeBSD have IPsec support in their base " "source. So you will need to include the option in " "your kernel config and, after kernel rebuild and reinstall, configure IPsec " "connections using setkey8 command." msgstr "" "A maioria das versões modernas do FreeBSD tem suporte a IPsec em sua fonte " "base. Portanto, você precisará incluir a opção em sua " "configuração de kernel e, após a reconstrução e reinstalação do kernel, " "configurar as conexões IPsec usando o comando " "setkey8." #. (itstool) path: sect1/para #: article.translate.xml:190 msgid "" "A comprehensive guide on running IPsec on FreeBSD is provided in FreeBSD Handbook." msgstr "" "Um guia completo sobre como executar o IPsec no FreeBSD é fornecido no Handbook do FreeBSD." #. (itstool) path: sect1/title #: article.translate.xml:196 msgid "src/sys/i386/conf/KERNELNAME" msgstr "src/sys/i386/conf/KERNELNAME" #. (itstool) path: sect1/para #: article.translate.xml:198 msgid "" "This needs to be present in the kernel config file in order to capture " "network data with tcpdump1. Be sure to run " "config8 after adding this, and rebuild and reinstall." msgstr "" "Isto precisa estar presente no arquivo de configuração do kernel para " "habilitar o suporte para captura de dados de rede com o " "tcpdump 1. Certifique-se de executar o " "config8 " " depois de adicionar a linha, de recompilar e de reinstalar." #. (itstool) path: sect1/programlisting #: article.translate.xml:203 #, no-wrap msgid "device\tbpf" msgstr "device\tbpf" #. (itstool) path: sect1/title #: article.translate.xml:207 msgid "Maurer's Universal Statistical Test (for block size=8 bits)" msgstr "Teste Estatístico Universal de Maurer (para tamanho de bloco = 8 bits)" #. (itstool) path: sect1/para #: article.translate.xml:210 msgid "" "You can find the same code at this link." msgstr "" "Você pode encontrar o mesmo código em neste link." #. (itstool) path: sect1/programlisting #: article.translate.xml:213 #, no-wrap msgid "" "/*\n" " ULISCAN.c ---blocksize of 8\n" "\n" " 1 Oct 98\n" " 1 Dec 98\n" " 21 Dec 98 uliscan.c derived from ueli8.c\n" "\n" " This version has // comments removed for Sun cc\n" "\n" " This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" " Bit Generators\" using L=8\n" "\n" " Accepts a filename on the command line; writes its results, with other\n" " info, to stdout.\n" "\n" " Handles input file exhaustion gracefully.\n" "\n" " Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" " also on the web somewhere, which is where I found it.\n" "\n" " -David Honig\n" " honig@sprynet.com\n" "\n" " Usage:\n" " ULISCAN filename\n" " outputs to stdout\n" "*/\n" "\n" "#define L 8\n" "#define V (1<<L)\n" "#define Q (10*V)\n" "#define K (100 *Q)\n" "#define MAXSAMP (Q + K)\n" "\n" "#include <stdio.h>\n" "#include <math.h>\n" "\n" "int main(argc, argv)\n" "int argc;\n" "char **argv;\n" "{\n" " FILE *fptr;\n" " int i,j;\n" " int b, c;\n" " int table[V];\n" " double sum = 0.0;\n" " int iproduct = 1;\n" " int run;\n" "\n" " extern double log(/* double x */);\n" "\n" " printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" "\n" " if (argc < 2) {\n" " printf(\"Usage: Uliscan filename\\n\");\n" " exit(-1);\n" " } else {\n" " printf(\"Measuring file %s\\n\", argv[1]);\n" " }\n" "\n" " fptr = fopen(argv[1],\"rb\");\n" "\n" " if (fptr == NULL) {\n" " printf(\"Can't find %s\\n\", argv[1]);\n" " exit(-1);\n" " }\n" "\n" " for (i = 0; i < V; i++) {\n" " table[i] = 0;\n" " }\n" "\n" " for (i = 0; i < Q; i++) {\n" " b = fgetc(fptr);\n" " table[b] = i;\n" " }\n" "\n" " printf(\"Init done\\n\");\n" "\n" " printf(\"Expected value for L=8 is 7.1836656\\n\");\n" "\n" " run = 1;\n" "\n" " while (run) {\n" " sum = 0.0;\n" " iproduct = 1;\n" "\n" " if (run)\n" " for (i = Q; run && i < Q + K; i++) {\n" " j = i;\n" " b = fgetc(fptr);\n" "\n" " if (b < 0)\n" " run = 0;\n" "\n" " if (run) {\n" " if (table[b] > j)\n" " j += K;\n" "\n" " sum += log((double)(j-table[b]));\n" "\n" " table[b] = i;\n" " }\n" " }\n" "\n" " if (!run)\n" " printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" "\n" " sum = (sum/((double)(i - Q))) / log(2.0);\n" " printf(\"%4.4f \", sum);\n" "\n" " for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" " printf(\"-\");\n" "\n" " printf(\"\\n\");\n" "\n" " /* refill initial table */\n" " if (0) {\n" " for (i = 0; i < Q; i++) {\n" " b = fgetc(fptr);\n" " if (b < 0) {\n" " run = 0;\n" " } else {\n" " table[b] = i;\n" " }\n" " }\n" " }\n" " }\n" "}" msgstr "" "/*\n" " ULISCAN.c ---blocksize of 8\n" "\n" " 1 Oct 98\n" " 1 Dec 98\n" " 21 Dec 98 uliscan.c derived from ueli8.c\n" "\n" " This version has // comments removed for Sun cc\n" "\n" " This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" " Bit Generators\" using L=8\n" "\n" " Accepts a filename on the command line; writes its results, with other\n" " info, to stdout.\n" "\n" " Handles input file exhaustion gracefully.\n" "\n" " Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" " also on the web somewhere, which is where I found it.\n" "\n" " -David Honig\n" " honig@sprynet.com\n" "\n" " Usage:\n" " ULISCAN filename\n" " outputs to stdout\n" "*/\n" "\n" "#define L 8\n" "#define V (1<<L)\n" "#define Q (10*V)\n" "#define K (100 *Q)\n" "#define MAXSAMP (Q + K)\n" "\n" "#include <stdio.h>\n" "#include <math.h>\n" "\n" "int main(argc, argv)\n" "int argc;\n" "char **argv;\n" "{\n" " FILE *fptr;\n" " int i,j;\n" " int b, c;\n" " int table[V];\n" " double sum = 0.0;\n" " int iproduct = 1;\n" " int run;\n" "\n" " extern double log(/* double x */);\n" "\n" " printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" "\n" " if (argc < 2) {\n" " printf(\"Usage: Uliscan filename\\n\");\n" " exit(-1);\n" " } else {\n" " printf(\"Measuring file %s\\n\", argv[1]);\n" " }\n" "\n" " fptr = fopen(argv[1],\"rb\");\n" "\n" " if (fptr == NULL) {\n" " printf(\"Can't find %s\\n\", argv[1]);\n" " exit(-1);\n" " }\n" "\n" " for (i = 0; i < V; i++) {\n" " table[i] = 0;\n" " }\n" "\n" " for (i = 0; i < Q; i++) {\n" " b = fgetc(fptr);\n" " table[b] = i;\n" " }\n" "\n" " printf(\"Init done\\n\");\n" "\n" " printf(\"Expected value for L=8 is 7.1836656\\n\");\n" "\n" " run = 1;\n" "\n" " while (run) {\n" " sum = 0.0;\n" " iproduct = 1;\n" "\n" " if (run)\n" " for (i = Q; run && i < Q + K; i++) {\n" " j = i;\n" " b = fgetc(fptr);\n" "\n" " if (b < 0)\n" " run = 0;\n" "\n" " if (run) {\n" " if (table[b] > j)\n" " j += K;\n" "\n" " sum += log((double)(j-table[b]));\n" "\n" " table[b] = i;\n" " }\n" " }\n" "\n" " if (!run)\n" " printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" "\n" " sum = (sum/((double)(i - Q))) / log(2.0);\n" " printf(\"%4.4f \", sum);\n" "\n" " for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" " printf(\"-\");\n" "\n" " printf(\"\\n\");\n" "\n" " /* refill initial table */\n" " if (0) {\n" " for (i = 0; i < Q; i++) {\n" " b = fgetc(fptr);\n" " if (b < 0) {\n" " run = 0;\n" " } else {\n" " table[b] = i;\n" " }\n" " }\n" " }\n" " }\n" "}"