From owner-svn-doc-all@freebsd.org Fri Mar 29 15:17:07 2019 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BF65156C1B7; Fri, 29 Mar 2019 15:17:07 +0000 (UTC) (envelope-from gabor@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AFBE4684B8; Fri, 29 Mar 2019 15:17:06 +0000 (UTC) (envelope-from gabor@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 87ECB921; Fri, 29 Mar 2019 15:17:06 +0000 (UTC) (envelope-from gabor@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x2TFH6xf075181; Fri, 29 Mar 2019 15:17:06 GMT (envelope-from gabor@FreeBSD.org) Received: (from gabor@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x2TFH5o1075178; Fri, 29 Mar 2019 15:17:05 GMT (envelope-from gabor@FreeBSD.org) Message-Id: <201903291517.x2TFH5o1075178@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gabor set sender to gabor@FreeBSD.org using -f From: Gabor Kovesdan Date: Fri, 29 Mar 2019 15:17:05 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52902 - in head/es_ES.ISO8859-1/articles: . ipsec-must X-SVN-Group: doc-head X-SVN-Commit-Author: gabor X-SVN-Commit-Paths: in head/es_ES.ISO8859-1/articles: . ipsec-must X-SVN-Commit-Revision: 52902 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: AFBE4684B8 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.980,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2019 15:17:07 -0000 Author: gabor Date: Fri Mar 29 15:17:05 2019 New Revision: 52902 URL: https://svnweb.freebsd.org/changeset/doc/52902 Log: - Add translation of ipsec-must article Submitted by: Sergio Carlavilla Added: head/es_ES.ISO8859-1/articles/ipsec-must/ head/es_ES.ISO8859-1/articles/ipsec-must/Makefile (contents, props changed) head/es_ES.ISO8859-1/articles/ipsec-must/article.xml (contents, props changed) head/es_ES.ISO8859-1/articles/ipsec-must/es_ES.po (contents, props changed) Modified: head/es_ES.ISO8859-1/articles/Makefile Modified: head/es_ES.ISO8859-1/articles/Makefile ============================================================================== --- head/es_ES.ISO8859-1/articles/Makefile Fri Mar 29 15:15:06 2019 (r52901) +++ head/es_ES.ISO8859-1/articles/Makefile Fri Mar 29 15:17:05 2019 (r52902) @@ -7,6 +7,7 @@ SUBDIR+= cups SUBDIR+= explaining-bsd SUBDIR+= fdp-es SUBDIR+= freebsd-questions +SUBDIR+= ipsec-must SUBDIR+= leap-seconds SUBDIR+= linux-users SUBDIR+= mailing-list-faq Added: head/es_ES.ISO8859-1/articles/ipsec-must/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/es_ES.ISO8859-1/articles/ipsec-must/Makefile Fri Mar 29 15:17:05 2019 (r52902) @@ -0,0 +1,25 @@ +# +# The FreeBSD Documentation Project +# The FreeBSD Spanish Documentation Project +# +# $FreeBSD$ +# +# Article: IPSec MUST + +MAINTAINER=carlavilla@mailbox.org + +DOC?= article + +FORMATS?= html html-split +WITH_ARTICLE_TOC?= YES + +INSTALL_COMPRESSED?= gz +INSTALL_ONLY_COMPRESSED?= + +SRCS= article.xml + +URL_RELPREFIX?= ../../../.. +DOC_PREFIX?= ${.CURDIR}/../../.. + +.include "${DOC_PREFIX}/share/mk/doc.project.mk" + Added: head/es_ES.ISO8859-1/articles/ipsec-must/article.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/es_ES.ISO8859-1/articles/ipsec-must/article.xml Fri Mar 29 15:17:05 2019 (r52902) @@ -0,0 +1,272 @@ + + + +
+ Verificación independiente de la funcionalidad de IPsec en FreeBSD + + + DavidHonig
honig@sprynet.com
 + + 1999-05-03 + + + FreeBSD is a registered trademark of the FreeBSD Foundation. + Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries. + Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the ® symbol. + + + $FreeBSD$ + + + Instaló IPsec y parece estar funcionando. ¿Cómo lo sabe? Describo un método para verificar de forma experimental que IPsec está funcionando. + + + + + El problema + + Primero, asumamos que ha instalado IPsec. ¿Cómo sabe que está funcionando? Claro, su conexión no funcionará si está mal configurada, y funcionará cuando finalmente lo haga bien. netstat1 la listará. ¿Pero puede confirmarlo de forma independiente? + + + + La solución + + Primero, alguna información teórica relevante sobre criptografía: + + + + Los datos cifrados se distribuyen uniformemente, es decir, tienen una entropía máxima por símbolo; + + + + Los datos sin procesar y sin comprimir suelen ser redundantes, es decir, tienen una entropía submáxima. + + + + Suponga que usted pudiera medir la entropía de los datos que van hacia -y desde- su interfaz de red. Entonces podría ver la diferencia entre los datos no cifrados y los cifrados. Esto sería verdad incluso si algunos de los datos en modo cifrado no lo estuvieran---ya que el encabezado IP más externo debe estarlo para que el paquete sea enrutable. + + + MUST + + El Universal Statistical Test for Random Bit Generators (MUST) de Ueli Maurer mide rápidamente la entropía de una muestra. Utiliza un algoritmo de compresión. El código se proporciona a continuación para una variante que mide partes sucesivas (~cuarto de megabyte) de un archivo + + + + Tcpdump + + También necesitamos una forma de capturar los datos de red sin procesar. Un programa llamado tcpdump1 le permite hacerlo, si tiene habilitada la interfaz de Berkeley Packet Filter en el archivo de configuración de su kernel. + + El comando: + + tcpdump -c 4000 -s 10000 -w dumpfile.bin + + capturará 4000 paquetes sin procesar en el fichero dumpfile.bin. En este ejemplo se capturarán hasta 10.000 bytes por paquete. + + + + + El experimento + + Aquí está el experimento: + + + + Abra una ventana a un host IPsec y otra ventana a un host inseguro. + + + + Ahora empiece a capturar paquetes. + + + + En la ventana segura, ejecute el comando UNIX yes1, que transmitirá el carácter y. Después de un rato, detenga el comando. Cambie a la ventana insegura, y repita. Espere un poco, detenga el comando. + + + + Ahora ejecute MUST en los paquetes capturados. Debería ver algo como lo siguiente. Lo importante a tener en cuenta es que la conexión segura tiene un 93% (6,7) del valor esperado (7,18), y la conexión normal tiene un 29% (2,1) del valor esperado. + + % tcpdump -c 4000 -s 10000 -w ipsecdemo.bin +% uliscan ipsecdemo.bin + +Uliscan 21 Dec 98 +L=8 256 258560 +Measuring file ipsecdemo.bin +Init done +Expected value for L=8 is 7.1836656 +6.9396 -------------------------------------------------------- +6.6177 ----------------------------------------------------- +6.4100 --------------------------------------------------- +2.1101 ----------------- +2.0838 ----------------- +2.0983 ----------------- + + + + + + Advertencia + + Este experimento muestra que IPsec parece estar distribuyendo los datos de la carga útil uniformemente, como debe hacerlo el cifrado. Sin embargo, el experimento aquí descrito puede no detectar muchas de las posibles fallas del sistema (para las cuales no tengo evidencias). Esto incluye la generación o intercambio de claves deficientes, datos o claves visibles para otros, uso de algoritmos débiles, subversión del kernel, etc. Estudie el código; conozca el código. + + + + IPsec---Definición + + Extensiones de seguridad del Protocolo de Internet para IPv4; requerido para IPv6. Un protocolo para negociar el cifrado y la autenticación a nivel de IP (host a host). SSL solo protege un socket de aplicación. SSH protege solo el login. PGP protege un archivo o mensaje específico. IPsec encripta todo entre dos hosts. + + + + Instalando IPsec + + La mayoría de las versiones modernas de FreeBSD soportan IPsec en su código base. Por lo tanto, deberá incluir la opción en la configuración de su kernel y, después de recompilar y reinstalar el kernel, configure las conexiones de IPsec usando el comando setkey8. + + En el Manual de FreeBSD se proporciona una guía completa sobre cómo ejecutar IPsec en FreeBSD. + + + + src/sys/i386/conf/KERNELNAME + + Esto debe estar presente en el archivo de configuración del kernel para capturar datos de red con tcpdump1. Asegúrese de ejecutar config8 después de agregar esto, recompilar y reinstalar. + + device bpf + + + + Maurer's Universal Statistical Test (tamaño de bloque=8 bits) + + Puede encontrar el mismo código fuente en este enlace. + +/* + ULISCAN.c ---blocksize of 8 + + 1 Oct 98 + 1 Dec 98 + 21 Dec 98 uliscan.c derived from ueli8.c + + This version has // comments removed for Sun cc + + This implements Ueli M Maurer's "Universal Statistical Test for Random + Bit Generators" using L=8 + + Accepts a filename on the command line; writes its results, with other + info, to stdout. + + Handles input file exhaustion gracefully. + + Ref: J. Cryptology v 5 no 2, 1992 pp 89-105 + also on the web somewhere, which is where I found it. + + -David Honig + honig@sprynet.com + + Usage: + ULISCAN filename + outputs to stdout +*/ + +#define L 8 +#define V (1<<L) +#define Q (10*V) +#define K (100 *Q) +#define MAXSAMP (Q + K) + +#include <stdio.h> +#include <math.h> + +int main(argc, argv) +int argc; +char **argv; +{ + FILE *fptr; + int i,j; + int b, c; + int table[V]; + double sum = 0.0; + int iproduct = 1; + int run; + + extern double log(/* double x */); + + printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP); + + if (argc < 2) { + printf("Usage: Uliscan filename\n"); + exit(-1); + } else { + printf("Measuring file %s\n", argv[1]); + } + + fptr = fopen(argv[1],"rb"); + + if (fptr == NULL) { + printf("Can't find %s\n", argv[1]); + exit(-1); + } + + for (i = 0; i < V; i++) { + table[i] = 0; + } + + for (i = 0; i < Q; i++) { + b = fgetc(fptr); + table[b] = i; + } + + printf("Init done\n"); + + printf("Expected value for L=8 is 7.1836656\n"); + + run = 1; + + while (run) { + sum = 0.0; + iproduct = 1; + + if (run) + for (i = Q; run && i < Q + K; i++) { + j = i; + b = fgetc(fptr); + + if (b < 0) + run = 0; + + if (run) { + if (table[b] > j) + j += K; + + sum += log((double)(j-table[b])); + + table[b] = i; + } + } + + if (!run) + printf("Premature end of file; read %d blocks.\n", i - Q); + + sum = (sum/((double)(i - Q))) / log(2.0); + printf("%4.4f ", sum); + + for (i = 0; i < (int)(sum*8.0 + 0.50); i++) + printf("-"); + + printf("\n"); + + /* refill initial table */ + if (0) { + for (i = 0; i < Q; i++) { + b = fgetc(fptr); + if (b < 0) { + run = 0; + } else { + table[b] = i; + } + } + } + } +} + +
Added: head/es_ES.ISO8859-1/articles/ipsec-must/es_ES.po ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/es_ES.ISO8859-1/articles/ipsec-must/es_ES.po Fri Mar 29 15:17:05 2019 (r52902) @@ -0,0 +1,685 @@ +# Sergio Carlavilla , 2019. #zanata +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2019-03-23 13:21+0100\n" +"PO-Revision-Date: 2019-03-23 12:15+0000\n" +"Last-Translator: Sergio Carlavilla \n" +"Language-Team: Spanish (Spain)\n" +"Language: es_ES\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Zanata 4.6.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Put one translator per line, in the form NAME , YEAR1, YEAR2 +msgctxt "_" +msgid "translator-credits" +msgstr "Sergio Carlavilla carlavilla@mailbox.org, 2019" + +#. (itstool) path: info/title +#: article.translate.xml:9 +msgid "Independent Verification of IPsec Functionality in FreeBSD" +msgstr "Verificación independiente de la funcionalidad de IPsec en FreeBSD" + +#. (itstool) path: affiliation/address +#: article.translate.xml:13 +#, no-wrap +msgid "honig@sprynet.com" +msgstr "honig@sprynet.com" + +#. (itstool) path: info/author +#: article.translate.xml:12 +msgid "" +"DavidHonig <_:address-1/> " +msgstr "" +"DavidHonig <_:address-1/> " + +#. (itstool) path: info/pubdate +#: article.translate.xml:16 +msgid "1999-05-03" +msgstr "1999-05-03" + +#. (itstool) path: legalnotice/para +#: article.translate.xml:19 +msgid "FreeBSD is a registered trademark of the FreeBSD Foundation." +msgstr "FreeBSD is a registered trademark of the FreeBSD Foundation." + +#. (itstool) path: legalnotice/para +#: article.translate.xml:21 +msgid "" +"Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " +"Open Group are trademarks of The Open Group in the United States and other " +"countries." +msgstr "" +"Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The " +"Open Group are trademarks of The Open Group in the United States and other " +"countries." + +#. (itstool) path: legalnotice/para +#: article.translate.xml:25 +msgid "" +"Many of the designations used by manufacturers and sellers to distinguish " +"their products are claimed as trademarks. Where those designations appear in " +"this document, and the FreeBSD Project was aware of the trademark claim, the " +"designations have been followed by the or the ® symbol." +msgstr "" +"Many of the designations used by manufacturers and sellers to distinguish " +"their products are claimed as trademarks. Where those designations appear in " +"this document, and the FreeBSD Project was aware of the trademark claim, the " +"designations have been followed by the or the ® symbol." + +#. (itstool) path: info/releaseinfo +#: article.translate.xml:33 +msgid "" +"$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 52227 " +"2018-09-06 01:30:47Z ebrandi $" +msgstr "" + +#. (itstool) path: abstract/para +#: article.translate.xml:36 +msgid "" +"You installed IPsec and it seems to be working. How do you know? I describe " +"a method for experimentally verifying that IPsec is working." +msgstr "" +"Instaló IPsec y parece estar funcionando. ¿Cómo lo sabe? Describo un método " +"para verificar de forma experimental que IPsec está funcionando." + +#. (itstool) path: sect1/title +#: article.translate.xml:43 +msgid "The Problem" +msgstr "El problema" + +#. (itstool) path: sect1/para +#: article.translate.xml:45 +msgid "" +"First, lets assume you have installed " +"IPsec. How do you know it is working? Sure, your connection will not work if it is " +"misconfigured, and it will work when you finally get it right. " +"netstat1 will list it. But can you independently confirm it?" +msgstr "" +"Primero, asumamos que ha instalado " +"IPsec. ¿Cómo sabe que está funcionando? Claro, su conexión no funcionará si está mal " +"configurada, y funcionará cuando finalmente lo haga bien. " +"netstat1 la listará. ¿Pero puede confirmarlo de forma " +"independiente?" + +#. (itstool) path: sect1/title +#: article.translate.xml:54 +msgid "The Solution" +msgstr "La solución" + +#. (itstool) path: sect1/para +#: article.translate.xml:56 +msgid "First, some crypto-relevant info theory:" +msgstr "Primero, alguna información teórica relevante sobre criptografía:" + +#. (itstool) path: listitem/para +#: article.translate.xml:60 +msgid "" +"Encrypted data is uniformly distributed, i.e., has maximal entropy per " +"symbol;" +msgstr "" +"Los datos cifrados se distribuyen uniformemente, es decir, tienen una " +"entropía máxima por símbolo;" + +#. (itstool) path: listitem/para +#: article.translate.xml:65 +msgid "" +"Raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy." +msgstr "" +"Los datos sin procesar y sin comprimir suelen ser redundantes, es decir, " +"tienen una entropía submáxima." + +#. (itstool) path: sect1/para +#: article.translate.xml:70 +msgid "" +"Suppose you could measure the entropy of the data to- and from- your network " +"interface. Then you could see the difference between unencrypted data and " +"encrypted data. This would be true even if some of the data in " +"encrypted mode was not encrypted---as the outermost IP header " +"must be if the packet is to be routable." +msgstr "" +"Suponga que usted pudiera medir la entropía de los datos que van hacia -y " +"desde- su interfaz de red. Entonces podría ver la diferencia entre los datos " +"no cifrados y los cifrados. Esto sería verdad incluso si algunos de los " +"datos en modo cifrado no lo estuvieran---ya que el encabezado " +"IP más externo debe estarlo para que el paquete sea enrutable." + +#. (itstool) path: sect2/title +#: article.translate.xml:78 +msgid "MUST" +msgstr "MUST" + +#. (itstool) path: sect2/para +#: article.translate.xml:80 +msgid "" +"Ueli Maurer's Universal Statistical Test for Random Bit Generators( MUST) quickly measures the entropy of a sample. It uses a " +"compression-like algorithm. The code is given below for a variant which measures successive (~quarter megabyte) chunks of " +"a file." +msgstr "" +"El Universal Statistical Test for Random Bit Generators " +"(MUST) de Ueli Maurer mide rápidamente la entropía de una muestra. " +"Utiliza un algoritmo de compresión. El código se " +"proporciona a continuación para una variante que mide partes " +"sucesivas (~cuarto de megabyte) de un archivo" + +#. (itstool) path: sect2/title +#: article.translate.xml:89 +msgid "Tcpdump" +msgstr "Tcpdump" + +#. (itstool) path: sect2/para +#: article.translate.xml:91 +msgid "" +"We also need a way to capture the raw network data. A program called " +"tcpdump1 lets you do this, if you have enabled the " +"Berkeley Packet Filter interface in your kernel's config file." +msgstr "" +"También necesitamos una forma de capturar los datos de red sin procesar. Un " +"programa llamado tcpdump1 le permite hacerlo, si " +"tiene habilitada la interfaz de Berkeley Packet Filter " +"en el archivo de configuración de su kernel." + +#. (itstool) path: sect2/para +#: article.translate.xml:97 +msgid "The command:" +msgstr "El comando:" + +#. (itstool) path: sect2/screen +#: article.translate.xml:99 +#, no-wrap +msgid "tcpdump -c 4000 -s 10000 -w dumpfile.bin" +msgstr "tcpdump -c 4000 -s 10000 -w dumpfile.bin" + +#. (itstool) path: sect2/para +#: article.translate.xml:101 +msgid "" +"will capture 4000 raw packets to dumpfile.bin. Up " +"to 10,000 bytes per packet will be captured in this example." +msgstr "" +"capturará 4000 paquetes sin procesar en el fichero dumpfile." +"bin. En este ejemplo se capturarán hasta 10.000 bytes por " +"paquete." + +#. (itstool) path: sect1/title +#: article.translate.xml:108 +msgid "The Experiment" +msgstr "El experimento" + +#. (itstool) path: sect1/para +#: article.translate.xml:110 +msgid "Here is the experiment:" +msgstr "Aquí está el experimento:" + +#. (itstool) path: step/para +#: article.translate.xml:114 +msgid "Open a window to an IPsec host and another window to an insecure host." +msgstr "Abra una ventana a un host IPsec y otra ventana a un host inseguro." + +#. (itstool) path: step/para +#: article.translate.xml:119 +msgid "Now start capturing packets." +msgstr "Ahora empiece a capturar paquetes." + +#. (itstool) path: step/para +#: article.translate.xml:124 +msgid "" +"In the secure window, run the UNIX command yes1, which will stream the " +"y character. After a while, stop this. Switch to the " +"insecure window, and repeat. After a while, stop." +msgstr "" +"En la ventana segura, ejecute el comando UNIX yes1, que transmitirá el " +"carácter y. Después de un rato, detenga el comando. " +"Cambie a la ventana insegura, y repita. Espere un poco, detenga el comando." + +#. (itstool) path: step/para +#: article.translate.xml:131 +msgid "" +"Now run MUST on the captured packets. You " +"should see something like the following. The important thing to note is that " +"the secure connection has 93% (6.7) of the expected value (7.18), and the " +"normal connection has 29% (2.1) of the expected value." +msgstr "" +"Ahora ejecute MUST en los paquetes capturados. " +"Debería ver algo como lo siguiente. Lo importante a tener en cuenta es que " +"la conexión segura tiene un 93% (6,7) del valor esperado (7,18), y la " +"conexión normal tiene un 29% (2,1) del valor esperado." + +#. (itstool) path: step/screen +#: article.translate.xml:138 +#, no-wrap +msgid "" +"% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin\n" +"% uliscan ipsecdemo.bin\n" +"\n" +"Uliscan 21 Dec 98\n" +"L=8 256 258560\n" +"Measuring file ipsecdemo.bin\n" +"Init done\n" +"Expected value for L=8 is 7.1836656\n" +"6.9396 --------------------------------------------------------\n" +"6.6177 -----------------------------------------------------\n" +"6.4100 ---------------------------------------------------\n" +"2.1101 -----------------\n" +"2.0838 -----------------\n" +"2.0983 -----------------" +msgstr "" +"% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin\n" +"% uliscan ipsecdemo.bin\n" +"\n" +"Uliscan 21 Dec 98\n" +"L=8 256 258560\n" +"Measuring file ipsecdemo.bin\n" +"Init done\n" +"Expected value for L=8 is 7.1836656\n" +"6.9396 --------------------------------------------------------\n" +"6.6177 -----------------------------------------------------\n" +"6.4100 ---------------------------------------------------\n" +"2.1101 -----------------\n" +"2.0838 -----------------\n" +"2.0983 -----------------" + +#. (itstool) path: sect1/title +#: article.translate.xml:157 +msgid "Caveat" +msgstr "Advertencia" + +#. (itstool) path: sect1/para +#: article.translate.xml:159 +msgid "" +"This experiment shows that IPsec does seem to be " +"distributing the payload data uniformly, as encryption " +"should. However, the experiment described here cannot " +"detect many possible flaws in a system (none of which do I have any evidence " +"for). These include poor key generation or exchange, data or keys being " +"visible to others, use of weak algorithms, kernel subversion, etc. Study the " +"source; know the code." +msgstr "" +"Este experimento muestra que IPsec parece estar " +"distribuyendo los datos de la carga útil uniformemente, " +"como debe hacerlo el cifrado. Sin embargo, el experimento aquí descrito " +"puede no detectar muchas de las posibles fallas del " +"sistema (para las cuales no tengo evidencias). Esto incluye la generación o " +"intercambio de claves deficientes, datos o claves visibles para otros, uso " +"de algoritmos débiles, subversión del kernel, etc. Estudie el código; " +"conozca el código." + +#. (itstool) path: sect1/title +#: article.translate.xml:171 +msgid "IPsec---Definition" +msgstr "IPsec---Definición" + +#. (itstool) path: sect1/para +#: article.translate.xml:173 +msgid "" +"Internet Protocol security extensions to IPv4; required for IPv6. A protocol " +"for negotiating encryption and authentication at the IP (host-to-host) " +"level. SSL secures only one application socket; SSH secures only a login; PGP secures " +"only a specified file or message. IPsec encrypts everything between two " +"hosts." +msgstr "" +"Extensiones de seguridad del Protocolo de Internet para IPv4; requerido para " +"IPv6. Un protocolo para negociar el cifrado y la autenticación a nivel de IP " +"(host a host). SSL solo protege un socket de aplicación. SSH protege solo el login. PGP protege " +"un archivo o mensaje específico. IPsec encripta todo entre dos hosts." + +#. (itstool) path: sect1/title +#: article.translate.xml:182 +msgid "Installing IPsec" +msgstr "Instalando IPsec" + +#. (itstool) path: sect1/para +#: article.translate.xml:184 +msgid "" +"Most of the modern versions of FreeBSD have IPsec support in their base " +"source. So you will need to include the option in " +"your kernel config and, after kernel rebuild and reinstall, configure IPsec " +"connections using setkey8 command." +msgstr "" +"La mayoría de las versiones modernas de FreeBSD soportan IPsec en su código " +"base. Por lo tanto, deberá incluir la opción en la " +"configuración de su kernel y, después de recompilar y reinstalar el kernel, " +"configure las conexiones de IPsec usando el comando " +"setkey8." + +#. (itstool) path: sect1/para +#: article.translate.xml:190 +msgid "" +"A comprehensive guide on running IPsec on FreeBSD is provided in FreeBSD Handbook." +msgstr "" +"En el Manual de FreeBSD se proporciona una guía " +"completa sobre cómo ejecutar IPsec en FreeBSD." + +#. (itstool) path: sect1/title +#: article.translate.xml:196 +msgid "src/sys/i386/conf/KERNELNAME" +msgstr "src/sys/i386/conf/KERNELNAME" + +#. (itstool) path: sect1/para +#: article.translate.xml:198 +msgid "" +"This needs to be present in the kernel config file in order to capture " +"network data with tcpdump1. Be sure to run " +"config8 after adding this, and rebuild and reinstall." +msgstr "" +"Esto debe estar presente en el archivo de configuración del kernel para " +"capturar datos de red con tcpdump1. Asegúrese de ejecutar " +"config8 después de agregar esto, recompilar y reinstalar." + +#. (itstool) path: sect1/programlisting +#: article.translate.xml:203 +#, no-wrap +msgid "device\tbpf" +msgstr "device\tbpf" + +#. (itstool) path: sect1/title +#: article.translate.xml:207 +msgid "Maurer's Universal Statistical Test (for block size=8 bits)" +msgstr "Maurer's Universal Statistical Test (tamaño de bloque=8 bits)" + +#. (itstool) path: sect1/para +#: article.translate.xml:210 +msgid "" +"You can find the same code at this link." +msgstr "" +"Puede encontrar el mismo código fuente en este enlace." + +#. (itstool) path: sect1/programlisting +#: article.translate.xml:213 +#, no-wrap +msgid "" +"/*\n" +" ULISCAN.c ---blocksize of 8\n" +"\n" +" 1 Oct 98\n" +" 1 Dec 98\n" +" 21 Dec 98 uliscan.c derived from ueli8.c\n" +"\n" +" This version has // comments removed for Sun cc\n" +"\n" +" This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" +" Bit Generators\" using L=8\n" +"\n" +" Accepts a filename on the command line; writes its results, with other\n" +" info, to stdout.\n" +"\n" +" Handles input file exhaustion gracefully.\n" +"\n" +" Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" +" also on the web somewhere, which is where I found it.\n" +"\n" +" -David Honig\n" +" honig@sprynet.com\n" +"\n" +" Usage:\n" +" ULISCAN filename\n" +" outputs to stdout\n" +"*/\n" +"\n" +"#define L 8\n" +"#define V (1<<L)\n" +"#define Q (10*V)\n" +"#define K (100 *Q)\n" +"#define MAXSAMP (Q + K)\n" +"\n" +"#include <stdio.h>\n" +"#include <math.h>\n" +"\n" +"int main(argc, argv)\n" +"int argc;\n" +"char **argv;\n" +"{\n" +" FILE *fptr;\n" +" int i,j;\n" +" int b, c;\n" +" int table[V];\n" +" double sum = 0.0;\n" +" int iproduct = 1;\n" +" int run;\n" +"\n" +" extern double log(/* double x */);\n" +"\n" +" printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" +"\n" +" if (argc < 2) {\n" +" printf(\"Usage: Uliscan filename\\n\");\n" +" exit(-1);\n" +" } else {\n" +" printf(\"Measuring file %s\\n\", argv[1]);\n" +" }\n" +"\n" +" fptr = fopen(argv[1],\"rb\");\n" +"\n" +" if (fptr == NULL) {\n" +" printf(\"Can't find %s\\n\", argv[1]);\n" +" exit(-1);\n" +" }\n" +"\n" +" for (i = 0; i < V; i++) {\n" +" table[i] = 0;\n" +" }\n" +"\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" table[b] = i;\n" +" }\n" +"\n" +" printf(\"Init done\\n\");\n" +"\n" +" printf(\"Expected value for L=8 is 7.1836656\\n\");\n" +"\n" +" run = 1;\n" +"\n" +" while (run) {\n" +" sum = 0.0;\n" +" iproduct = 1;\n" +"\n" +" if (run)\n" +" for (i = Q; run && i < Q + K; i++) {\n" +" j = i;\n" +" b = fgetc(fptr);\n" +"\n" +" if (b < 0)\n" +" run = 0;\n" +"\n" +" if (run) {\n" +" if (table[b] > j)\n" +" j += K;\n" +"\n" +" sum += log((double)(j-table[b]));\n" +"\n" +" table[b] = i;\n" +" }\n" +" }\n" +"\n" +" if (!run)\n" +" printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" +"\n" +" sum = (sum/((double)(i - Q))) / log(2.0);\n" +" printf(\"%4.4f \", sum);\n" +"\n" +" for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" +" printf(\"-\");\n" +"\n" +" printf(\"\\n\");\n" +"\n" +" /* refill initial table */\n" +" if (0) {\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" if (b < 0) {\n" +" run = 0;\n" +" } else {\n" +" table[b] = i;\n" +" }\n" +" }\n" +" }\n" +" }\n" +"}" +msgstr "" +"/*\n" +" ULISCAN.c ---blocksize of 8\n" +"\n" +" 1 Oct 98\n" +" 1 Dec 98\n" +" 21 Dec 98 uliscan.c derived from ueli8.c\n" +"\n" +" This version has // comments removed for Sun cc\n" +"\n" +" This implements Ueli M Maurer's \"Universal Statistical Test for Random\n" +" Bit Generators\" using L=8\n" +"\n" +" Accepts a filename on the command line; writes its results, with other\n" +" info, to stdout.\n" +"\n" +" Handles input file exhaustion gracefully.\n" +"\n" +" Ref: J. Cryptology v 5 no 2, 1992 pp 89-105\n" +" also on the web somewhere, which is where I found it.\n" +"\n" +" -David Honig\n" +" honig@sprynet.com\n" +"\n" +" Usage:\n" +" ULISCAN filename\n" +" outputs to stdout\n" +"*/\n" +"\n" +"#define L 8\n" +"#define V (1<<L)\n" +"#define Q (10*V)\n" +"#define K (100 *Q)\n" +"#define MAXSAMP (Q + K)\n" +"\n" +"#include <stdio.h>\n" +"#include <math.h>\n" +"\n" +"int main(argc, argv)\n" +"int argc;\n" +"char **argv;\n" +"{\n" +" FILE *fptr;\n" +" int i,j;\n" +" int b, c;\n" +" int table[V];\n" +" double sum = 0.0;\n" +" int iproduct = 1;\n" +" int run;\n" +"\n" +" extern double log(/* double x */);\n" +"\n" +" printf(\"Uliscan 21 Dec 98 \\nL=%d %d %d \\n\", L, V, MAXSAMP);\n" +"\n" +" if (argc < 2) {\n" +" printf(\"Usage: Uliscan filename\\n\");\n" +" exit(-1);\n" +" } else {\n" +" printf(\"Measuring file %s\\n\", argv[1]);\n" +" }\n" +"\n" +" fptr = fopen(argv[1],\"rb\");\n" +"\n" +" if (fptr == NULL) {\n" +" printf(\"Can't find %s\\n\", argv[1]);\n" +" exit(-1);\n" +" }\n" +"\n" +" for (i = 0; i < V; i++) {\n" +" table[i] = 0;\n" +" }\n" +"\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" table[b] = i;\n" +" }\n" +"\n" +" printf(\"Init done\\n\");\n" +"\n" +" printf(\"Expected value for L=8 is 7.1836656\\n\");\n" +"\n" +" run = 1;\n" +"\n" +" while (run) {\n" +" sum = 0.0;\n" +" iproduct = 1;\n" +"\n" +" if (run)\n" +" for (i = Q; run && i < Q + K; i++) {\n" +" j = i;\n" +" b = fgetc(fptr);\n" +"\n" +" if (b < 0)\n" +" run = 0;\n" +"\n" +" if (run) {\n" +" if (table[b] > j)\n" +" j += K;\n" +"\n" +" sum += log((double)(j-table[b]));\n" +"\n" +" table[b] = i;\n" +" }\n" +" }\n" +"\n" +" if (!run)\n" +" printf(\"Premature end of file; read %d blocks.\\n\", i - Q);\n" +"\n" +" sum = (sum/((double)(i - Q))) / log(2.0);\n" +" printf(\"%4.4f \", sum);\n" +"\n" +" for (i = 0; i < (int)(sum*8.0 + 0.50); i++)\n" +" printf(\"-\");\n" +"\n" +" printf(\"\\n\");\n" +"\n" +" /* refill initial table */\n" +" if (0) {\n" +" for (i = 0; i < Q; i++) {\n" +" b = fgetc(fptr);\n" +" if (b < 0) {\n" +" run = 0;\n" +" } else {\n" +" table[b] = i;\n" +" }\n" +" }\n" +" }\n" +" }\n" *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***