Merge branch 'master' into arc4-support

* master: Typo Be really explicit about what's good and bad Mention return types. Consistently use e.g. Module documentation. Single space. Add a new Mode interface to document mode.name and start on some prose docs for interfaces. Proper name for the iv thing. Actually note the properties for cipher modes types on their ABCs. Conflicts: docs/hazmat/primitives/symmetric-encryption.rst
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-11-08 07:58:04 +0800
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-11-08 07:58:04 +0800
commit: 129d61e07243a6134eefa5c5de13c52f4e900794 (patch)
tree: 1f421fc954429a3471d9dfc1c5495d6b76bd88e3 /docs/hazmat/primitives/symmetric-encryption.rst
parent: a5f04c053ca819d6d8be485d2b62a6bed8bdf195 (diff)
parent: 635b542ded9ede772a2ca907e8bb5349ded333bd (diff)
download: cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.tar.gz
cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.tar.bz2
cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.zip
1 files changed, 26 insertions, 3 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 4d0703bb..9d18ce50 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -159,6 +159,9 @@ Weak Ciphers
                       ``192``, or ``256`` bits in length.  This must be kept
                       secret.
 
+
+.. _symmetric-encryption-modes:
+
 Modes
 ~~~~~
 
@@ -173,9 +176,29 @@ Modes
                                         to be kept secret (they can be included
                                         in a transmitted message). Must be the
                                         same number of bytes as the
-                                        ``block_size`` of the cipher. Do not
-                                        reuse an ``initialization_vector`` with
-                                        a given ``key``.
+                                        ``block_size`` of the cipher. Each time
+                                        something is encrypted a new
+                                        ``initialization_vector`` should be
+                                        generated. Do not reuse an
+                                        ``initialization_vector`` with
+                                        a given ``key``, and particularly do
+                                        not use a constant
+                                        ``initialization_vector``.
+
+    A good construction looks like:
+
+    .. code-block:: pycon
+
+        >>> import os
+        >>> iv = os.urandom(16)
+        >>> mode = CBC(iv)
+
+    While the following is bad and will leak information:
+
+    .. code-block:: pycon
+
+        >>> iv = "a" * 16
+        >>> mode = CBC(iv)
 
 
 .. class:: CTR(nonce)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-11-08 07:58:04 +0800
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-11-08 07:58:04 +0800
commit	129d61e07243a6134eefa5c5de13c52f4e900794 (patch)
tree	1f421fc954429a3471d9dfc1c5495d6b76bd88e3 /docs/hazmat/primitives/symmetric-encryption.rst
parent	a5f04c053ca819d6d8be485d2b62a6bed8bdf195 (diff)
parent	635b542ded9ede772a2ca907e8bb5349ded333bd (diff)
download	cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.tar.gz cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.tar.bz2 cryptography-129d61e07243a6134eefa5c5de13c52f4e900794.zip