summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r--user_guide_src/source/libraries/encryption.rst17
1 files changed, 6 insertions, 11 deletions
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 1353c4ed0..5d92b109a 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -173,9 +173,9 @@ but regardless, here's a list of most of them:
============== ========= ============================== =========================================
Cipher name Driver Key lengths (bits / bytes) Supported modes
============== ========= ============================== =========================================
-AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
-AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
-AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
+AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
+AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
+AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
Rijndael-128 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
@@ -239,7 +239,6 @@ CFB8 cfb8 MCrypt, OpenSSL Same as CFB, but operates in 8-
OFB ofb MCrypt, OpenSSL N/A
OFB8 ofb8 MCrypt Same as OFB, but operates in 8-bit mode (not recommended).
ECB ecb MCrypt, OpenSSL Ignores IV (not recommended).
-GCM gcm OpenSSL Provides authentication and therefore doesn't need a HMAC.
XTS xts OpenSSL Usually used for encrypting random access data such as RAM or hard-disk storage.
Stream stream MCrypt, OpenSSL This is not actually a mode, it just says that a stream cipher is being used. Required because of the general cipher+mode initialization process.
=========== ================== ================= ===================================================================================================================================================
@@ -251,10 +250,9 @@ It's probably important for you to know that an encrypted string is usually
longer than the original, plain-text string (depending on the cipher).
This is influenced by the cipher algorithm itself, the IV prepended to the
-cipher-text and (unless you are using GCM mode) the HMAC authentication
-message that is also prepended. Furthermore, the encrypted message is also
-Base64-encoded so that it is safe for storage and transmission, regardless
-of a possible character set in use.
+cipher-text and the HMAC authentication message that is also prepended.
+Furthermore, the encrypted message is also Base64-encoded so that it is safe
+for storage and transmission, regardless of a possible character set in use.
Keep this information in mind when selecting your data storage mechanism.
Cookies, for example, can only hold 4K of information.
@@ -446,9 +444,6 @@ raw_data FALSE No Whether the cipher-t
value is incorrect. This includes *hmac_key*, unless *hmac*
is set to FALSE.
-.. note:: If GCM mode is used, *hmac* will always be FALSE. This is
- because GCM mode itself provides authentication.
-
.. _digests:
Supported HMAC authentication algorithms