Add a note about CTR_DRBG security strength to config.h

This commit is contained in:
Gilles Peskine 2019-10-03 14:21:39 +02:00
parent 1540e5bd04
commit 7e27936767

View file

@ -1304,6 +1304,10 @@
* The CTR_DRBG generator uses AES-256 by default. * The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
* *
* \note To achieve a 256-bit security strength with CTR_DRBG,
* you must use AES-256 *and* use sufficient entropy.
* See ctr_drbg.h for more details.
*
* Module: library/ctr_drbg.c * Module: library/ctr_drbg.c
* Caller: * Caller:
* *