diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-10-11 19:49:57 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-10-11 07:49:57 -0400 |
commit | 1aac78c4d036d20e8892f3861ea947cadf6ab739 (patch) | |
tree | bb432229f698e613a554f23b9ec95b8ff2d20a8a /docs/hazmat/primitives/twofactor.rst | |
parent | a3facfae09c881b8a1953ffd7b192debc58bb5a0 (diff) | |
download | cryptography-1aac78c4d036d20e8892f3861ea947cadf6ab739.tar.gz cryptography-1aac78c4d036d20e8892f3861ea947cadf6ab739.tar.bz2 cryptography-1aac78c4d036d20e8892f3861ea947cadf6ab739.zip |
let's talk about bits baby (#3956)
Diffstat (limited to 'docs/hazmat/primitives/twofactor.rst')
-rw-r--r-- | docs/hazmat/primitives/twofactor.rst | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 9f11332f..3b4f3961 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -24,8 +24,9 @@ codes (HMAC). HOTP objects take a ``key``, ``length`` and ``algorithm`` parameter. The ``key`` should be :doc:`randomly generated bytes </random-numbers>` and is - recommended to be 160 bits in length. The ``length`` parameter controls the - length of the generated one time password and must be >= 6 and <= 8. + recommended to be 160 :term:`bits` in length. The ``length`` parameter + controls the length of the generated one time password and must be >= 6 + and <= 8. This is an implementation of :rfc:`4226`. @@ -41,8 +42,8 @@ codes (HMAC). >>> hotp.verify(hotp_value, 0) :param bytes key: Per-user secret key. This value must be kept secret - and be at least 128 bits. It is recommended that the - key be 160 bits. + and be at least 128 :term:`bits`. It is recommended that + the key be 160 bits. :param int length: Length of generated one time password as ``int``. :param cryptography.hazmat.primitives.hashes.HashAlgorithm algorithm: A :class:`~cryptography.hazmat.primitives.hashes` @@ -51,17 +52,17 @@ codes (HMAC). :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` instance. :param enforce_key_length: A boolean flag defaulting to True that toggles - whether a minimum key length of 128 bits is enforced. This exists to - work around the fact that as documented in `Issue #2915`_, the - Google Authenticator PAM module by default generates 80 bit keys. If - this flag is set to False, the application develop should implement + whether a minimum key length of 128 :term:`bits` is enforced. This + exists to work around the fact that as documented in `Issue #2915`_, + the Google Authenticator PAM module by default generates 80 bit keys. + If this flag is set to False, the application develop should implement additional checks of the key length before passing it into :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`. .. versionadded:: 1.5 :raises ValueError: This is raised if the provided ``key`` is shorter than - 128 bits or if the ``length`` parameter is not 6, 7 or 8. + 128 :term:`bits` or if the ``length`` parameter is not 6, 7 or 8. :raises TypeError: This is raised if the provided ``algorithm`` is not :class:`~cryptography.hazmat.primitives.hashes.SHA1()`, :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or @@ -163,7 +164,7 @@ similar to the following code. >>> totp.verify(totp_value, time_value) :param bytes key: Per-user secret key. This value must be kept secret - and be at least 128 bits. It is recommended that the + and be at least 128 :term:`bits`. It is recommended that the key be 160 bits. :param int length: Length of generated one time password as ``int``. :param cryptography.hazmat.primitives.hashes.HashAlgorithm algorithm: A @@ -174,7 +175,7 @@ similar to the following code. :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` instance. :param enforce_key_length: A boolean flag defaulting to True that toggles - whether a minimum key length of 128 bits is enforced. This exists to + whether a minimum key length of 128 :term:`bits` is enforced. This exists to work around the fact that as documented in `Issue #2915`_, the Google Authenticator PAM module by default generates 80 bit keys. If this flag is set to False, the application develop should implement @@ -183,7 +184,7 @@ similar to the following code. .. versionadded:: 1.5 :raises ValueError: This is raised if the provided ``key`` is shorter than - 128 bits or if the ``length`` parameter is not 6, 7 or 8. + 128 :term:`bits` or if the ``length`` parameter is not 6, 7 or 8. :raises TypeError: This is raised if the provided ``algorithm`` is not :class:`~cryptography.hazmat.primitives.hashes.SHA1()`, :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or |