199 lines
6.4 KiB
Text
199 lines
6.4 KiB
Text
# AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
# Translators:
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Defensive Coding Guide\n"
|
|
"POT-Creation-Date: 2013-03-12T03:19:44\n"
|
|
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
|
|
"Last-Translator: Automatically generated\n"
|
|
"Language-Team: None\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"Language: en_US\n"
|
|
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Cryptography"
|
|
msgstr "Cryptography"
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Primitives"
|
|
msgstr "Primitives"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Chosing from the following cryptographic primitives is recommended:"
|
|
msgstr "Chosing from the following cryptographic primitives is recommended:"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RSA with 2048 bit keys and OAEP"
|
|
msgstr "RSA with 2048 bit keys and OAEP"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-128 in CBC mode"
|
|
msgstr "AES-128 in CBC mode"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "SHA-256"
|
|
msgstr "SHA-256"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-SHA-256"
|
|
msgstr "HMAC-SHA-256"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-SHA-1"
|
|
msgstr "HMAC-SHA-1"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"Other cryptographic algorithms can be used if they are required for "
|
|
"interoperability with existing software:"
|
|
msgstr "Other cryptographic algorithms can be used if they are required for interoperability with existing software:"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RSA with key sizes larger than 1024 and legacy padding"
|
|
msgstr "RSA with key sizes larger than 1024 and legacy padding"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-192"
|
|
msgstr "AES-192"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-256"
|
|
msgstr "AES-256"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "3DES (triple DES, with two or three 56 bit keys)"
|
|
msgstr "3DES (triple DES, with two or three 56 bit keys)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RC4 (but very, very strongly discouraged)"
|
|
msgstr "RC4 (but very, very strongly discouraged)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "SHA-1"
|
|
msgstr "SHA-1"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-MD5"
|
|
msgstr "HMAC-MD5"
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Important"
|
|
msgstr "Important"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"These primitives are difficult to use in a secure way. Custom implementation"
|
|
" of security protocols should be avoided. For protecting confidentiality and"
|
|
" integrity of network transmissions, TLS should be used (<xref linkend"
|
|
"=\"chap-Defensive_Coding-TLS\" />)."
|
|
msgstr "These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<xref linkend=\"chap-Defensive_Coding-TLS\" />)."
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Randomness"
|
|
msgstr "Randomness"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"The following facilities can be used to generate unpredictable and non-"
|
|
"repeating values. When these functions are used without special safeguards, "
|
|
"each individual rnadom value should be at least 12 bytes long."
|
|
msgstr "The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual rnadom value should be at least 12 bytes long."
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"<function>PK11_GenerateRandom</function> in the NSS library (usable for high"
|
|
" data rates)"
|
|
msgstr "<function>PK11_GenerateRandom</function> in the NSS library (usable for high data rates)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"<function>RAND_bytes</function> in the OpenSSL library (usable for high data"
|
|
" rates)"
|
|
msgstr "<function>RAND_bytes</function> in the OpenSSL library (usable for high data rates)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"<function>gnutls_rnd</function> in GNUTLS, with "
|
|
"<literal>GNUTLS_RND_RANDOM</literal> as the first argument (usable for high "
|
|
"data rates)"
|
|
msgstr "<function>gnutls_rnd</function> in GNUTLS, with <literal>GNUTLS_RND_RANDOM</literal> as the first argument (usable for high data rates)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"<type>java.security.SecureRandom</type> in Java (usable for high data rates)"
|
|
msgstr "<type>java.security.SecureRandom</type> in Java (usable for high data rates)"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<function>os.urandom</function> in Python"
|
|
msgstr "<function>os.urandom</function> in Python"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Reading from the <filename>/dev/urandom</filename> character device"
|
|
msgstr "Reading from the <filename>/dev/urandom</filename> character device"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"All these functions should be non-blocking, and they should not wait until "
|
|
"physical randomness becomes available. (Some cryptography providers for Java"
|
|
" can cause <type>java.security.SecureRandom</type> to block, however.) Those"
|
|
" functions which do not obtain all bits directly from "
|
|
"<filename>/dev/urandom</filename> are suitable for high data rates because "
|
|
"they do not deplete the system-wide entropy pool."
|
|
msgstr "All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <type>java.security.SecureRandom</type> to block, however.) Those functions which do not obtain all bits directly from <filename>/dev/urandom</filename> are suitable for high data rates because they do not deplete the system-wide entropy pool."
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Difficult to use API"
|
|
msgstr "Difficult to use API"
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"Both <function>RAND_bytes</function> and "
|
|
"<function>PK11_GenerateRandom</function> have three-state return values "
|
|
"(with conflicting meanings). Careful error checking is required. Please "
|
|
"review the documentation when using these functions."
|
|
msgstr "Both <function>RAND_bytes</function> and <function>PK11_GenerateRandom</function> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions."
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Other sources of randomness should be considered predictable."
|
|
msgstr "Other sources of randomness should be considered predictable."
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid ""
|
|
"Generating randomness for cryptographic keys in long-term use may need "
|
|
"different steps and is best left to cryptographic libraries."
|
|
msgstr "Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries."
|