From 848f770c4ab33e0d1cd98c78480ae32d5c5f134e Mon Sep 17 00:00:00 2001
From: Julian Krause <julian.krause@gmail.com>
Date: Thu, 12 Dec 2013 20:55:39 -0800
Subject: Update documentation again to make it clearer what this is for. Moved
 to using Coda Hale's post.

---
 docs/conf.py                             |  2 --
 docs/hazmat/primitives/constant-time.rst | 16 ++++++++++------
 2 files changed, 10 insertions(+), 8 deletions(-)

(limited to 'docs')

diff --git a/docs/conf.py b/docs/conf.py
index c6479ef3..5092e4d3 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -257,7 +257,5 @@ texinfo_documents = [
 # How to display URL addresses: 'footnote', 'no', or 'inline'.
 #texinfo_show_urls = 'footnote'
 
-linkcheck_ignore = [r'http://rdist.root.org/']
-
 # Example configuration for intersphinx: refer to the Python standard library.
 intersphinx_mapping = {'http://docs.python.org/': None}
diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst
index 4e00e9b9..4df73b3c 100644
--- a/docs/hazmat/primitives/constant-time.rst
+++ b/docs/hazmat/primitives/constant-time.rst
@@ -5,12 +5,16 @@ Constant time functions
 
 .. currentmodule:: cryptography.hazmat.primitives.constant_time
 
-In order for cryptographic operations to not leak information through timing
-side channels, constant time operations need to be used.
+This module contains functions for operating with secret data in a way that
+does not leak information about that data through how long it takes to perform
+the operation. These functions should be used whenever operating on secret data
+along with data that is user supplied.
 
-One should use these functions whenever you are comparing a secret to
-something received. This includes things like HMAC signatures as described by
-a `timing attack on KeyCzar`_.
+An example would be comparing a HMAC signature received from a client to the
+one generated by the server code for authentication purposes.
+
+For more information about this sort of issue, see `Coda Hale's blog post`_
+about the timing attacks on KeyCzar and Java's ``MessageDigest.isEquals()``.
 
 
 .. function:: bytes_eq(a, b)
@@ -31,4 +35,4 @@ a `timing attack on KeyCzar`_.
     :returns boolean: True if ``a`` has the same bytes as ``b``.
 
 
-.. _`timing attack on KeyCzar`: http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
+.. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/
-- 
cgit v1.2.3