diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-12-21 18:41:38 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-12-21 18:41:38 -0600 |
| commit | fc73e2d04315e21011869fbd925df9e7a99d21ae (patch) | |
| tree | 155a8dbffcd017e84dfe9d49375bd6f9382a83b6 /docs/hazmat | |
| parent | a7fbf07a3e96133b40df05ac5be159bbf6f1fc91 (diff) | |
| download | cryptography-fc73e2d04315e21011869fbd925df9e7a99d21ae.tar.gz cryptography-fc73e2d04315e21011869fbd925df9e7a99d21ae.tar.bz2 cryptography-fc73e2d04315e21011869fbd925df9e7a99d21ae.zip | |
prose updates for GCM tag
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 85d7d5b1..f009bb78 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -354,10 +354,12 @@ Modes .. note:: - `NIST SP-800-38D`_ recommends that GCM tags be 128, 120, 122, 104, or - 96-bits in length. Tags are shortened by truncating bytes. Longer tags - provide better security margins. If you must shorten the tag the minimum - allowed length is 4 bytes (32 bits). + Cryptography will emit a 128-bit tag when finalizing encryption. + You can shorten a tag by truncating it to the desired length, but this + is **not recommended** as it lowers the security margins of the + authentication (`NIST SP-800-38D`_ recommends 96-bit or greater). + If you must shorten the tag the minimum allowed length is 4 bytes + (32 bit). :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. |