From afa84f10a2077b2365c30a133ae943e96c1c1ee8 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 27 May 2017 15:11:24 -0500
Subject: strongly encourage the use of fernet, document its limitation (#3623)

---
 docs/hazmat/primitives/symmetric-encryption.rst | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'docs/hazmat/primitives')

diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index e99c2c0a..8b047b8c 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -16,6 +16,9 @@ decrypt them.
 For this reason it is **strongly** recommended to combine encryption with a
 message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`,
 in an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
+``cryptography`` includes a recipe named :doc:`/fernet` that does this for you.
+**To minimize the risk of security issues you should evaluate Fernet to see if
+it fits your needs before implementing anything using this module.**
 
 .. class:: Cipher(algorithm, mode, backend)
 
-- 
cgit v1.2.3