From 9475900768962207477ed7d6e84e4099157a9d3f Mon Sep 17 00:00:00 2001 From: Eeshan Garg Date: Wed, 20 May 2015 20:35:33 +0530 Subject: Docs for CTR and GCM should say that IV/nonce must be unique --- docs/glossary.rst | 8 ++++++++ docs/hazmat/primitives/symmetric-encryption.rst | 13 ++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'docs') diff --git a/docs/glossary.rst b/docs/glossary.rst index dc6f3ebf..202fa2de 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -64,3 +64,11 @@ Glossary text This type corresponds to ``unicode`` on Python 2 and ``str`` on Python 3. This is equivalent to ``six.text_type``. + + nonce + A nonce is a **n**\ umber used **once**. Nonces are used in many + cryptographic protocols. Generally, a nonce does not have to be secret + or unpredictable, but it must be unique. A nonce is often a random + or pseudo-random number (see :doc:`Random number generation + `). Since a nonce does not have to be unpredictable, + it can also take a form of a counter. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 47486895..309c6fd0 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -240,7 +240,7 @@ Modes **This mode does not require padding.** - :param bytes nonce: Should be :doc:`random bytes `. It is + :param bytes nonce: Should be unique, a :term:`nonce`. It is critical to never reuse a ``nonce`` with a given key. Any reuse of a nonce with the same key compromises the security of every message encrypted with that key. Must be the same number of bytes as the 
@@ -305,12 +305,11 @@ Modes **This mode does not require padding.** - :param bytes initialization_vector: Must be :doc:`random bytes - `. They do not need to be kept secret and they can be - included in a transmitted message. NIST `recommends a 96-bit IV - length`_ for performance critical situations but it can be up to - 2\ :sup:`64` - 1 bits. Do not reuse an ``initialization_vector`` with a - given ``key``. + :param bytes initialization_vector: Must be unique, a :term:`nonce`. + They do not need to be kept secret and they can be included in a + transmitted message. NIST `recommends a 96-bit IV length`_ for + performance critical situations but it can be up to 2\ :sup:`64` - 1 + bits. Do not reuse an ``initialization_vector`` with a given ``key``. .. note:: -- cgit v1.2.3 From 0bef7722f4d394a7fa67f724d9f13eca2eaf7d41 Mon Sep 17 00:00:00 2001 From: Eeshan Garg Date: Wed, 20 May 2015 22:06:24 +0530 Subject: Add the word 'Nonces' to docs/spelling_wordlist.txt --- docs/spelling_wordlist.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index badb500c..81510134 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -40,6 +40,7 @@ multi naïve namespace namespaces +Nonces online paddings pickleable -- cgit v1.2.3
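Review bot: In the new ``nonce`` entry in docs/glossary.rst, "it must be unique" does not say unique with respect to what. The CTR text in this same patch ties it to the key ("never reuse a ``nonce`` with a given key"), so the glossary should say the same, for example "it must be unique for a given key". The entry also goes straight from "must be unique" to "is often a random or pseudo-random number" without noting that a random value is unique only with high probability, which depends on its length; one clause to that effect would stop readers treating short random nonces as safe. Minor wording: "it can also take a form of a counter" should read "take the form of a counter".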
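Review bot: In the CTR hunk of docs/hazmat/primitives/symmetric-encryption.rst (@@ -240,7), "Should be unique" is weaker than the sentence that follows it ("It is critical to never reuse a ``nonce`` with a given key") and weaker than the GCM hunk, which says "Must be unique". Suggest "Must" here too so both modes state the requirement with the same strength. The apposition "unique, a :term:`nonce`" also reads awkwardly; "Must be unique (see :term:`nonce`)" would be clearer.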
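Review bot: In the GCM hunk of docs/hazmat/primitives/symmetric-encryption.rst (@@ -305,12), "They do not need to be kept secret and they can be included" was written for the old antecedent "random bytes"; after the change the antecedent is the singular ``initialization_vector``, so the pronoun no longer agrees. Suggest "It does not need to be kept secret and it can be included in a transmitted message." The parameter text also no longer links to random number generation directly, so the only guidance on how to produce a value now sits behind the :term:`nonce` glossary entry; worth confirming that is intended for a parameter where reuse is fatal.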