diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-05 23:04:46 -0400 | 
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-06 08:34:46 +0530 | 
| commit | d6256094b26d4563ec9969f2a301dcf671c0f24d (patch) | |
| tree | 0057a1041128bbba4c4bf7735aeb9960e860e963 /docs | |
| parent | 7a5d3716d0f9413a01651d2be5f0adbc5e858bfa (diff) | |
| download | cryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.tar.gz cryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.tar.bz2 cryptography-d6256094b26d4563ec9969f2a301dcf671c0f24d.zip | |
Make the docs clearer on why truncated tags are a bad idea (#4312)
* Make the docs clearer on why truncated tags are a bad idea
* clarify
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 8 | 
1 files changed, 4 insertions, 4 deletions
| diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 593b880b..5ebcca75 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -379,10 +379,10 @@ Modes          Cryptography will generate a 128-bit tag when finalizing encryption.          You can shorten a tag by truncating it to the desired length but this -        is **not recommended** as it lowers the security margins of the -        authentication (`NIST SP-800-38D`_ recommends 96-:term:`bits` or -        greater).  Applications wishing to allow truncation must pass the -        ``min_tag_length`` parameter. +        is **not recommended** as it makes it easier to forge messages, and +        also potentially leaks the key (`NIST SP-800-38D`_ recommends +        96-:term:`bits` or greater).  Applications wishing to allow truncation +        can pass the ``min_tag_length`` parameter.          .. versionchanged:: 0.5 | 
