prose updates for GCM tag

commit: fc73e2d04315e21011869fbd925df9e7a99d21ae [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Dec 21 18:41:38 2013 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Dec 21 18:41:38 2013 -0600
tree: 155a8dbffcd017e84dfe9d49375bd6f9382a83b6
parent: a7fbf07a3e96133b40df05ac5be159bbf6f1fc91 [diff] [blame]
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 85d7d5b..f009bb7 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst

@@ -354,10 +354,12 @@
 
     .. note::
 
-        `NIST SP-800-38D`_ recommends that GCM tags be 128, 120, 122, 104, or
-        96-bits in length. Tags are shortened by truncating bytes. Longer tags
-        provide better security margins. If you must shorten the tag the minimum
-        allowed length is 4 bytes (32 bits).
+        Cryptography will emit a 128-bit tag when finalizing encryption.
+        You can shorten a tag by truncating it to the desired length, but this
+        is **not recommended** as it lowers the security margins of the
+        authentication (`NIST SP-800-38D`_ recommends 96-bit or greater).
+        If you must shorten the tag the minimum allowed length is 4 bytes
+        (32 bit).
 
     :param bytes tag: The tag bytes to verify during decryption. When encrypting
                       this must be None.
commit	fc73e2d04315e21011869fbd925df9e7a99d21ae	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Dec 21 18:41:38 2013 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Dec 21 18:41:38 2013 -0600
tree	155a8dbffcd017e84dfe9d49375bd6f9382a83b6
parent	a7fbf07a3e96133b40df05ac5be159bbf6f1fc91 [diff] [blame]