author: Jack Lloyd <[email protected]> 2018-06-28 09:45:11 -0400
committer: Jack Lloyd <[email protected]> 2018-06-28 09:45:11 -0400
commit: 0346d45fa84108d8d40c32b6944477b96ff52f34
tree: 3372c87dc23f785dcbfbec0810068f46ef91ba14 /doc/manual
parent: 6fbf29a87cce47800c431fa513c5be9e693118fc
Put warning about 64-bit ciphers in a warning block
Diffstat (limited to 'doc/manual')
-rw-r--r-- doc/manual/block_cipher.rst 12
1 files changed, 7 insertions, 5 deletions
diff --git a/doc/manual/block_cipher.rst b/doc/manual/block_cipher.rst
index 6c8fa9c45..2ee8ffde0 100644
--- a/doc/manual/block_cipher.rst
+++ b/doc/manual/block_cipher.rst
@@ -159,9 +159,9 @@ countries, as well as a few that are included mostly due to their use in
specific protocols such as PGP but not widely used elsewhere. The ciphers that
seem best for new code are AES, Serpent, and Threefish-512.
-Avoid any 64-bit cipher in new code. There are combinatoric issues that affect
-any 64-bit cipher that render it insecure when large amounts of data are
-processed.
+.. warning:: Avoid any 64-bit block cipher in new designs. There are
+ combinatoric issues that affect any 64-bit cipher that render it
+ insecure when large amounts of data are processed.
AES
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
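Review bot: The second sentence of the new warning still says "any 64-bit cipher" while the first was tightened to "64-bit block cipher", so a reader can take 64 to mean key length rather than block size; repeat "block" there. The warning also stays vague where it matters most: "combinatoric issues" and "large amounts of data" give no threshold. Consider naming the birthday bound and giving a figure, for example that block collisions become likely after roughly 2^32 blocks (about 32 GiB) under one key, so the reader can judge whether an existing use is affected.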
@@ -170,9 +170,11 @@ Comes in three variants, AES-128, AES-192, and AES-256.
The standard 128-bit block cipher. Many modern platforms offer hardware
acceleration. However, on platforms without hardware support, AES
-implementations typically are vulnerable to side channel attacks.
+implementations typically are vulnerable to side channel attacks. For x86
+systems with SSSE3 but without AES-NI, Botan has an implementation which avoids
+known side channels.
-If you are developing new code and have no particular opinion, pick AES.
+If you are developing new code and have no particular opinion, pick AES-256.
Available if ``BOTAN_HAS_AES`` is defined.
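Review bot: The change from "pick AES" to "pick AES-256" alters the manual's recommendation but is not covered by the commit subject, which only mentions moving the 64-bit warning into a warning block, and the text gives no reason for preferring AES-256 over the other two variants listed in this section. Either split this into its own commit or add a short rationale after the recommendation. The added sentence about "x86 systems with SSSE3 but without AES-NI" would also be more useful if it said whether that implementation is chosen automatically at runtime, and it leaves the preceding side channel caveat unqualified for non-x86 platforms without hardware support.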