diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f009bb78..6e3c1024 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -357,9 +357,10 @@ Modes Cryptography will emit a 128-bit tag when finalizing encryption. You can shorten a tag by truncating it to the desired length, but this is **not recommended** as it lowers the security margins of the - authentication (`NIST SP-800-38D`_ recommends 96-bit or greater). + authentication (`NIST SP-800-38D`_ recommends 96-bits or greater). If you must shorten the tag the minimum allowed length is 4 bytes - (32 bit). + (32-bits). Applications **must** verify the tag is the expected length + to guarantee the expected security margin. :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. |