diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-29 21:18:06 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-29 21:18:06 -0600 |
| commit | 5ff316753118ac1445858a111c8d76da1c7c3e40 (patch) | |
| tree | f7deaa2a7d54a77ec50e3e1a46f6f1849bc07ceb /docs/contributing.rst | |
| parent | 3f17c7c68157ec04b98cb5fd61216a6644aa3a7c (diff) | |
| parent | 307437b1b401aa3bfd8f911c150a825476d06d9c (diff) | |
| download | cryptography-5ff316753118ac1445858a111c8d76da1c7c3e40.tar.gz cryptography-5ff316753118ac1445858a111c8d76da1c7c3e40.tar.bz2 cryptography-5ff316753118ac1445858a111c8d76da1c7c3e40.zip | |
Merge branch 'master' into urandom-engine
* master: (108 commits)
PBKDF2HMAC requires a PBKDF2HMACBackend provider.
one more replacement
simplify hmac supported and hash supported calls for commoncrypto
simplify check for algorithm
a bit more language work + changelog changes for pbkdf2hmac
one more style fix
a few typo fixes, capitalization, etc
switch to private attributes in pbkdf2hmac
expand docs to talk more about the purposes of KDFs
update docs re: PBKDF2HMAC iterations
add test for null char replacement
Added installation section to index.rst
called -> used
quotes inside, diff examples
Expose this method because probably someone will need it eventually
fix spacing, remove versionadded since HashAlgorithm was in 0.1
document HashAlgorithm
Added canonical installation document with details about various platforms, fixes #519
update docs for pbkdf2
Add bindings for X509_REQ_get_extensions.
...
Conflicts:
cryptography/hazmat/bindings/openssl/binding.py
docs/hazmat/backends/openssl.rst
Diffstat (limited to 'docs/contributing.rst')
| -rw-r--r-- | docs/contributing.rst | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst index 4bb1461d..184ba214 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -60,6 +60,12 @@ always indistinguishable. As a result ``cryptography`` has, as a design philosophy: "make it hard to do insecure things". Here are a few strategies for API design which should be both followed, and should inspire other API choices: +If it is necessary to compare a user provided value with a computed value (for +example, verifying a signature), there should be an API provided which performs +the verification in a secure way (for example, using a constant time +comparison), rather than requiring the user to perform the comparison +themselves. + If it is incorrect to ignore the result of a method, it should raise an exception, and not return a boolean ``True``/``False`` flag. For example, a method to verify a signature should raise ``InvalidSignature``, and not return @@ -287,5 +293,5 @@ The HTML documentation index can now be found at .. _`tox`: https://pypi.python.org/pypi/tox .. _`virtualenv`: https://pypi.python.org/pypi/virtualenv .. _`pip`: https://pypi.python.org/pypi/pip -.. _`sphinx`: https://pypi.python.org/pypi/sphinx +.. _`sphinx`: https://pypi.python.org/pypi/Sphinx .. _`reStructured Text`: http://sphinx-doc.org/rest.html |