author | Julian Krause <julian.krause@gmail.com> | 2013-12-25 12:58:40 -0800 |
---|---|---|
committer | Julian Krause <julian.krause@gmail.com> | 2013-12-25 12:58:40 -0800 |
commit | e62760af74ebb8b08d7670dfaff177cdeb679f0f (patch) | |
tree | 70e51d6aadff7d1ec204793b12de221610204254 /docs/hazmat/primitives/symmetric-encryption.rst | |
parent | c91fe6a21fbae3107de7b2e53b7343cd67ac8c6d (diff) | |
parent | 0865a8b81075bfe073aba56e03cc57c30bfffe00 (diff) | |
download | cryptography-e62760af74ebb8b08d7670dfaff177cdeb679f0f.tar.gz cryptography-e62760af74ebb8b08d7670dfaff177cdeb679f0f.tar.bz2 cryptography-e62760af74ebb8b08d7670dfaff177cdeb679f0f.zip |
Merge branch 'master' of https://github.com/pyca/cryptography into verify
Conflicts:
tests/hazmat/primitives/test_hashes.py
tests/hazmat/primitives/test_hmac.py
Diffstat (limited to 'docs/hazmat/primitives/symmetric-encryption.rst')
-rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f4d0457a..30896a05 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -61,7 +61,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. .. method:: decryptor() @@ -352,6 +352,16 @@ Modes Do not reuse an ``initialization_vector`` with a given ``key``. + .. note:: + + Cryptography will emit a 128-bit tag when finalizing encryption. + You can shorten a tag by truncating it to the desired length, but this + is **not recommended** as it lowers the security margins of the + authentication (`NIST SP-800-38D`_ recommends 96-bits or greater). + If you must shorten the tag the minimum allowed length is 4 bytes + (32-bits). Applications **must** verify the tag is the expected length + to guarantee the expected security margin. + :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. @@ -390,3 +400,4 @@ Insecure Modes .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +.. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |
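Review bot: In the note added by the `@@ -352,6 +352,16 @@` hunk, the sentence "Applications **must** verify the tag is the expected length" does not say when that check has to happen or what the library does with a tag below the stated 4-byte minimum. Suggest spelling out that the caller compares the length of the received tag against the length the application has fixed before passing it in for decryption, and documenting whether a tag shorter than 4 bytes is rejected and with which exception. Since the requirement applies to the value described in the unchanged `:param bytes tag:` lines just below, a short pointer from that parameter description to the note would help readers who only look at the parameter list. Style: "96-bits" and "32-bits" should read "96 bits" and "32 bits", and "Cryptography will emit" is ambiguous at the start of a sentence; naming the library in literal markup or writing "The encryptor will emit" would be clearer.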