aboutsummaryrefslogtreecommitdiffstats
path: root/docs/hazmat/primitives/symmetric-encryption.rst
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2018-07-05 23:04:46 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2018-07-06 08:34:46 +0530
commitd6256094b26d4563ec9969f2a301dcf671c0f24d (patch)
tree0057a1041128bbba4c4bf7735aeb9960e860e963 /docs/hazmat/primitives/symmetric-encryption.rst
parent7a5d3716d0f9413a01651d2be5f0adbc5e858bfa (diff)
downloadcryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.tar.gz
cryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.tar.bz2
cryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.zip
Make the docs clearer on why truncated tags are a bad idea (#4312)
* Make the docs clearer on why truncated tags are a bad idea * clarify
Diffstat (limited to 'docs/hazmat/primitives/symmetric-encryption.rst')
-rw-r--r--docs/hazmat/primitives/symmetric-encryption.rst8
1 files changed, 4 insertions, 4 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 593b880b..5ebcca75 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -379,10 +379,10 @@ Modes
Cryptography will generate a 128-bit tag when finalizing encryption.
You can shorten a tag by truncating it to the desired length but this
- is **not recommended** as it lowers the security margins of the
- authentication (`NIST SP-800-38D`_ recommends 96-:term:`bits` or
- greater). Applications wishing to allow truncation must pass the
- ``min_tag_length`` parameter.
+ is **not recommended** as it makes it easier to forge messages, and
+ also potentially leaks the key (`NIST SP-800-38D`_ recommends
+ 96-:term:`bits` or greater). Applications wishing to allow truncation
+ can pass the ``min_tag_length`` parameter.
.. versionchanged:: 0.5