Make the docs clearer on why truncated tags are a bad idea (#4312) * Make the docs clearer on why truncated tags are a bad idea * clarify

commit: d6256094b26d4563ec9969f2a301dcf671c0f24d [log] [tgz]
author: Alex Gaynor <alex.gaynor@gmail.com> Thu Jul 05 23:04:46 2018 -0400
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Fri Jul 06 08:34:46 2018 +0530
tree: 0057a1041128bbba4c4bf7735aeb9960e860e963
parent: 7a5d3716d0f9413a01651d2be5f0adbc5e858bfa [diff] [blame]
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 593b880..5ebcca7 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst

@@ -379,10 +379,10 @@
 
         Cryptography will generate a 128-bit tag when finalizing encryption.
         You can shorten a tag by truncating it to the desired length but this
-        is **not recommended** as it lowers the security margins of the
-        authentication (`NIST SP-800-38D`_ recommends 96-:term:`bits` or
-        greater).  Applications wishing to allow truncation must pass the
-        ``min_tag_length`` parameter.
+        is **not recommended** as it makes it easier to forge messages, and
+        also potentially leaks the key (`NIST SP-800-38D`_ recommends
+        96-:term:`bits` or greater).  Applications wishing to allow truncation
+        can pass the ``min_tag_length`` parameter.
 
         .. versionchanged:: 0.5
commit	d6256094b26d4563ec9969f2a301dcf671c0f24d	[log] [tgz]
author	Alex Gaynor <alex.gaynor@gmail.com>	Thu Jul 05 23:04:46 2018 -0400
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Fri Jul 06 08:34:46 2018 +0530
tree	0057a1041128bbba4c4bf7735aeb9960e860e963
parent	7a5d3716d0f9413a01651d2be5f0adbc5e858bfa [diff] [blame]