169 lines
4 KiB
Text
169 lines
4 KiB
Text
#
|
|
# AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: 0\n"
|
|
"POT-Creation-Date: 2013-09-18T00:49:43\n"
|
|
"PO-Revision-Date: 2013-09-18T00:49:43\n"
|
|
"Last-Translator: Automatically generated\n"
|
|
"Language-Team: None\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: application/x-publican; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Cryptography"
|
|
msgstr ""
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Primitives"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Choosing from the following cryptographic primitives is recommended:"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RSA with 2048 bit keys and OAEP"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-128 in CBC mode"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "SHA-256"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-SHA-256"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-SHA-1"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Other cryptographic algorithms can be used if they are required for interoperability with existing software:"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RSA with key sizes larger than 1024 and legacy padding"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-192"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "AES-256"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "3DES (triple DES, with two or three 56 bit keys)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "RC4 (but very, very strongly discouraged)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "SHA-1"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "HMAC-MD5"
|
|
msgstr ""
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Important"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<xref linkend=\"chap-Defensive_Coding-TLS\" />)."
|
|
msgstr ""
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Randomness"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long."
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<function>PK11_GenerateRandom</function> in the NSS library (usable for high data rates)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<function>RAND_bytes</function> in the OpenSSL library (usable for high data rates)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<function>gnutls_rnd</function> in GNUTLS, with <literal>GNUTLS_RND_RANDOM</literal> as the first argument (usable for high data rates)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<type>java.security.SecureRandom</type> in Java (usable for high data rates)"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "<function>os.urandom</function> in Python"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Reading from the <filename>/dev/urandom</filename> character device"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <type>java.security.SecureRandom</type> to block, however.) Those functions which do not obtain all bits directly from <filename>/dev/urandom</filename> are suitable for high data rates because they do not deplete the system-wide entropy pool."
|
|
msgstr ""
|
|
|
|
#. Tag: title
|
|
#, no-c-format
|
|
msgid "Difficult to use API"
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Both <function>RAND_bytes</function> and <function>PK11_GenerateRandom</function> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions."
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Other sources of randomness should be considered predictable."
|
|
msgstr ""
|
|
|
|
#. Tag: para
|
|
#, no-c-format
|
|
msgid "Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries."
|
|
msgstr ""
|
|
|