diff options
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/backends/commoncrypto.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/backends/openssl.rst | 10 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/cmac.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/index.rst | 3 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 4 |
6 files changed, 15 insertions, 14 deletions
diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst index 77d6612c..ddaf97e5 100644 --- a/docs/hazmat/backends/commoncrypto.rst +++ b/docs/hazmat/backends/commoncrypto.rst @@ -3,8 +3,8 @@ CommonCrypto backend ==================== -The `CommonCrypto`_ C library provided by Apple on OS X and iOS. The CommonCrypto -backend is only supported on OS X versions 10.8 and above. +The `CommonCrypto`_ C library provided by Apple on OS X and iOS. The +CommonCrypto backend is only supported on OS X versions 10.8 and above. .. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 1e1a6b28..ff389cb5 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -6,8 +6,8 @@ Backend interfaces .. currentmodule:: cryptography.hazmat.backends.interfaces -Backend implementations may provide a number of interfaces to support operations -such as :doc:`/hazmat/primitives/symmetric-encryption`, +Backend implementations may provide a number of interfaces to support +operations such as :doc:`/hazmat/primitives/symmetric-encryption`, :doc:`/hazmat/primitives/cryptographic-hashes`, and :doc:`/hazmat/primitives/mac/hmac`. diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index f21116b8..6ad0d045 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -46,9 +46,9 @@ where two different processes can return similar or identical keys and compromise the security of the system. The approach this project has chosen to mitigate this vulnerability is to -include an engine that replaces the OpenSSL default CSPRNG with one that sources -its entropy from ``/dev/urandom`` on UNIX-like operating systems and uses -``CryptGenRandom`` on Windows. This method of pulling from the system pool +include an engine that replaces the OpenSSL default CSPRNG with one that +sources its entropy from ``/dev/urandom`` on UNIX-like operating systems and +uses ``CryptGenRandom`` on Windows. This method of pulling from the system pool allows us to avoid potential issues with `initializing the RNG`_ as well as protecting us from the ``fork()`` weakness. @@ -70,8 +70,8 @@ On Windows the implementation of ``CryptGenRandom`` depends on which version of the operation system you are using. See the `Microsoft documentation`_ for more details. -Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded -from the same pool as ``/dev/random``. +Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source +seeded from the same pool as ``/dev/random``. .. _`OpenSSL`: https://www.openssl.org/ diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst index 23b1fea2..498b8b1e 100644 --- a/docs/hazmat/primitives/mac/cmac.rst +++ b/docs/hazmat/primitives/mac/cmac.rst @@ -10,8 +10,8 @@ Cipher-based message authentication code import binascii key = binascii.unhexlify(b"0" * 32) -`Cipher-based message authentication codes`_ (or CMACs) are a tool for calculating -message authentication codes using a block cipher coupled with a +`Cipher-based message authentication codes`_ (or CMACs) are a tool for +calculating message authentication codes using a block cipher coupled with a secret key. You can use an CMAC to verify both the integrity and authenticity of a message. diff --git a/docs/hazmat/primitives/mac/index.rst b/docs/hazmat/primitives/mac/index.rst index 4f075417..acfe9bed 100644 --- a/docs/hazmat/primitives/mac/index.rst +++ b/docs/hazmat/primitives/mac/index.rst @@ -6,7 +6,8 @@ Message Authentication Codes While cryptography supports both the CMAC and HMAC algorithms, we strongly recommend that HMAC should be used unless you have a good reason otherwise. -For more information on why HMAC is preferred, see `Use cases for CMAC vs. HMAC?`_ +For more information on why HMAC is preferred, see `Use cases for CMAC vs. +HMAC?`_ .. _`Use cases for CMAC vs. HMAC?`: http://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 0e3a451c..bca78354 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -21,8 +21,8 @@ message but an attacker can create bogus messages and force the application to decrypt them. For this reason it is **strongly** recommended to combine encryption with a -message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`, in -an "encrypt-then-MAC" formulation as `described by Colin Percival`_. +message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`, +in an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. class:: Cipher(algorithm, mode, backend) |