Be clear that a lack of authentication often means you don't have secrecy (#5454)

Alex Gaynor 2020-09-05 11:46:34 -04:00 committed by GitHub
parent ad05ebbb32
commit 3367c18bf2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -11,7 +11,8 @@ where the sender and receiver both use the same secret key. Note that symmetric
encryption is **not** sufficient for most applications because it only
provides secrecy but not authenticity. That means an attacker can't see the
message but an attacker can create bogus messages and force the application to
decrypt them.
decrypt them. In many contexts, a lack of authentication on encrypted messages
can result in a loss of secrecy as well.
For this reason it is **strongly** recommended to combine encryption with a
message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`,
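Review bot: The new sentence ending "can result in a loss of secrecy as well" sits directly after text that still says symmetric encryption "only provides secrecy but not authenticity" and that "an attacker can't see the message", so the paragraph now asserts secrecy and then withdraws it without saying how. Consider qualifying the earlier claim (for example, secrecy against a passive observer only) and naming the mechanism in the added sentence: an application that decrypts attacker-modified ciphertexts and reveals whether decryption succeeded can leak plaintext, as in padding oracle attacks on CBC mode. One clause or a cross-reference would give readers a concrete reason to follow the HMAC recommendation in the next sentence.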