diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-27 08:22:07 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-27 08:22:07 -0800 |
commit | 4b31af7407ab6221712e8d83cd1bce53bd57aa95 (patch) | |
tree | 7b6774bc8559f51b47cb3510c244146ce20d00fb /docs/hazmat/primitives/symmetric-encryption.rst | |
parent | 3ac297e4c9b655b3222da1830e9677c9d03a3926 (diff) | |
parent | 37c88a0dea800b3028f95bf71a8cd6e344254d4e (diff) | |
download | cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.tar.gz cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.tar.bz2 cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.zip |
Merge branch 'master' into fernet
Diffstat (limited to 'docs/hazmat/primitives/symmetric-encryption.rst')
-rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 7b012975..e05248ff 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -61,7 +61,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. .. method:: decryptor() @@ -352,6 +352,16 @@ Modes Do not reuse an ``initialization_vector`` with a given ``key``. + .. note:: + + Cryptography will emit a 128-bit tag when finalizing encryption. + You can shorten a tag by truncating it to the desired length, but this + is **not recommended** as it lowers the security margins of the + authentication (`NIST SP-800-38D`_ recommends 96-bits or greater). + If you must shorten the tag the minimum allowed length is 4 bytes + (32-bits). Applications **must** verify the tag is the expected length + to guarantee the expected security margin. + :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. @@ -390,3 +400,4 @@ Insecure Modes .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +.. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |