Point people at AEADs in symmetric encryption docs (#7326)

Alex Gaynor 2022-06-09 20:48:02 -04:00 committed by GitHub
parent 749150e1fd
commit c6b121d321
GPG key ID: 4AEE18F83AFDEB23


@ -14,12 +14,16 @@ message but an attacker can create bogus messages and force the application to
decrypt them. In many contexts, a lack of authentication on encrypted messages
can result in a loss of secrecy as well.
For this reason it is **strongly** recommended to combine encryption with a
message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`,
in an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
``cryptography`` includes a recipe named :doc:`/fernet` that does this for you.
**To minimize the risk of security issues you should evaluate Fernet to see if
it fits your needs before implementing anything using this module.**
For this reason in nearly all contexts it is necessary to combine encryption
with a message authentication code, such as
:doc:`HMAC </hazmat/primitives/mac/hmac>`, in an "encrypt-then-MAC"
formulation as `described by Colin Percival`_. ``cryptography`` includes a
recipe named :doc:`/fernet` that does this for you. **To minimize the risk of
security issues you should evaluate Fernet to see if it fits your needs before
implementing anything using this module.** If :doc:`/fernet` is not
appropriate for your use-case then you may still benefit from
:doc:`/hazmat/primitives/aead` which combines encryption and authentication
securely.
.. class:: Cipher(algorithm, mode)
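
Review bot: In the rewritten paragraph the pointer to :doc:`/hazmat/primitives/aead` comes last, after the hand-rolled HMAC "encrypt-then-MAC" formulation and outside the bolded Fernet sentence, so a reader skimming for what to use still meets the manual composition first. Consider ordering the options as Fernet, then AEAD, then HMAC composition only for the modes in this module, and say explicitly that the AEAD page already combines encryption and authentication, so the earlier "it is necessary to combine encryption with a message authentication code" cannot be read as asking for HMAC on top of it. Minor style point on the added sentence: "use-case" would normally be written "use case".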