From 05515723738870170b05b47ee260564b9ebe62f9 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 17 Dec 2013 20:43:59 -0800
Subject: Mention that the timestamp is plaintext

---
 docs/fernet.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'docs')

diff --git a/docs/fernet.rst b/docs/fernet.rst
index 0122e364..a47ae2e3 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -39,7 +39,10 @@ using it cannot be manipulated or read without the key.
         :param bytes plaintext: The message you would like to encrypt.
         :returns bytes: A secure message which cannot be read or altered
                         without the key. It is URL-safe base64-encoded. This is
-                        refered to as a "Fernet token".
+                        refered to as a "Fernet token". Note that this *does*
+                        contain the current time when it was generated in
+                        plaintext, the time a message was created will
+                        therefore be visible to a possible attacker.
 
     .. method:: decrypt(token, ttl=None)
 
-- 
cgit v1.2.3