diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-12-21 18:12:25 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-12-21 18:12:25 -0600 |
| commit | a7fbf07a3e96133b40df05ac5be159bbf6f1fc91 (patch) | |
| tree | 140a3dbaa0956af962b3d7be904a297d09982558 /docs | |
| parent | ca73504e62e2c55a7235f94c78cb8ee4d3718590 (diff) | |
| download | cryptography-a7fbf07a3e96133b40df05ac5be159bbf6f1fc91.tar.gz cryptography-a7fbf07a3e96133b40df05ac5be159bbf6f1fc91.tar.bz2 cryptography-a7fbf07a3e96133b40df05ac5be159bbf6f1fc91.zip | |
doc updates
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 8ed64c7c..85d7d5b1 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -354,8 +354,10 @@ Modes .. note:: - Do not truncate the GCM authentication tag unless absolutely necessary. - If you must truncate the minimum allowable length is 4 bytes. + `NIST SP-800-38D`_ recommends that GCM tags be 128, 120, 122, 104, or + 96-bits in length. Tags are shortened by truncating bytes. Longer tags + provide better security margins. If you must shorten the tag the minimum + allowed length is 4 bytes (32 bits). :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. @@ -395,3 +397,4 @@ Insecure Modes .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +.. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |