From f39716de33ad0b387f829bc111c8490d57ad6cf6 Mon Sep 17 00:00:00 2001 From: Ayrx Date: Fri, 21 Feb 2014 14:38:30 +0800 Subject: Small fixes --- docs/hazmat/primitives/twofactor.rst | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 12277c8f..120beb06 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -105,8 +105,9 @@ This can be accomplished with something similar to the following code. TOTP objects take a ``key``, ``length``, ``algorithm`` and ``time_step`` parameter. The ``key`` should be randomly generated bytes and is recommended - to be 160 bits in length. The ``length`` parameter controls the length of the - generated one time password and must be >= 6 and <= 8. + to be as long as your hash function's output (e.g 256-bit for SHA256). + The ``length`` parameter controls the length of the generated one time + password and must be >= 6 and <= 8. This is an implementation of :rfc:`6238`. @@ -123,8 +124,8 @@ This can be accomplished with something similar to the following code. >>> totp.verify(b"94287082", 59) :param bytes key: Secret key as ``bytes``. This value must be generated in a - cryptographically secure fashion and be at least 128 bits. - It is recommended that the key be 160 bits. + cryptographically secure fashion and be as long as your hash + function's output (e.g 256-bit for SHA256). :param int length: Length of generated one time password as ``int``. :param algorithm: A :class:`~cryptography.hazmat.primitives.hashes` @@ -137,5 +138,3 @@ This can be accomplished with something similar to the following code. or if the ``length`` parameter is not between 6 to 8. :raises UnsupportedAlgorithm: This is raised if the provided ``algorithm`` is not ``SHA1()``, ``SHA256()`` or ``SHA512()``. - - -- cgit v1.2.3