# AUTHOR , YEAR. # # Translators: msgid "" msgstr "" "Project-Id-Version: Defensive Coding Guide\n" "POT-Creation-Date: 2013-03-12T03:19:44\n" "PO-Revision-Date: 2013-03-19 15:29+0000\n" "Last-Translator: Automatically generated\n" "Language-Team: Tibetan \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: bo\n" "Plural-Forms: nplurals=1; plural=0;\n" #. Tag: title #, no-c-format msgid "Cryptography" msgstr "" #. Tag: title #, no-c-format msgid "Primitives" msgstr "" #. Tag: para #, no-c-format msgid "Chosing from the following cryptographic primitives is recommended:" msgstr "" #. Tag: para #, no-c-format msgid "RSA with 2048 bit keys and OAEP" msgstr "" #. Tag: para #, no-c-format msgid "AES-128 in CBC mode" msgstr "" #. Tag: para #, no-c-format msgid "SHA-256" msgstr "" #. Tag: para #, no-c-format msgid "HMAC-SHA-256" msgstr "" #. Tag: para #, no-c-format msgid "HMAC-SHA-1" msgstr "" #. Tag: para #, no-c-format msgid "" "Other cryptographic algorithms can be used if they are required for " "interoperability with existing software:" msgstr "" #. Tag: para #, no-c-format msgid "RSA with key sizes larger than 1024 and legacy padding" msgstr "" #. Tag: para #, no-c-format msgid "AES-192" msgstr "" #. Tag: para #, no-c-format msgid "AES-256" msgstr "" #. Tag: para #, no-c-format msgid "3DES (triple DES, with two or three 56 bit keys)" msgstr "" #. Tag: para #, no-c-format msgid "RC4 (but very, very strongly discouraged)" msgstr "" #. Tag: para #, no-c-format msgid "SHA-1" msgstr "" #. Tag: para #, no-c-format msgid "HMAC-MD5" msgstr "" #. Tag: title #, no-c-format msgid "Important" msgstr "" #. Tag: para #, no-c-format msgid "" "These primitives are difficult to use in a secure way. Custom implementation" " of security protocols should be avoided. For protecting confidentiality and" " integrity of network transmissions, TLS should be used ()." msgstr "" #. Tag: title #, no-c-format msgid "Randomness" msgstr "" #. Tag: para #, no-c-format msgid "" "The following facilities can be used to generate unpredictable and non-" "repeating values. When these functions are used without special safeguards, " "each individual rnadom value should be at least 12 bytes long." msgstr "" #. Tag: para #, no-c-format msgid "" "PK11_GenerateRandom in the NSS library (usable for high" " data rates)" msgstr "" #. Tag: para #, no-c-format msgid "" "RAND_bytes in the OpenSSL library (usable for high data" " rates)" msgstr "" #. Tag: para #, no-c-format msgid "" "gnutls_rnd in GNUTLS, with " "GNUTLS_RND_RANDOM as the first argument (usable for high " "data rates)" msgstr "" #. Tag: para #, no-c-format msgid "" "java.security.SecureRandom in Java (usable for high data rates)" msgstr "" #. Tag: para #, no-c-format msgid "os.urandom in Python" msgstr "" #. Tag: para #, no-c-format msgid "Reading from the /dev/urandom character device" msgstr "" #. Tag: para #, no-c-format msgid "" "All these functions should be non-blocking, and they should not wait until " "physical randomness becomes available. (Some cryptography providers for Java" " can cause java.security.SecureRandom to block, however.) Those" " functions which do not obtain all bits directly from " "/dev/urandom are suitable for high data rates because " "they do not deplete the system-wide entropy pool." msgstr "" #. Tag: title #, no-c-format msgid "Difficult to use API" msgstr "" #. Tag: para #, no-c-format msgid "" "Both RAND_bytes and " "PK11_GenerateRandom have three-state return values " "(with conflicting meanings). Careful error checking is required. Please " "review the documentation when using these functions." msgstr "" #. Tag: para #, no-c-format msgid "Other sources of randomness should be considered predictable." msgstr "" #. Tag: para #, no-c-format msgid "" "Generating randomness for cryptographic keys in long-term use may need " "different steps and is best left to cryptographic libraries." msgstr ""