Diffstat (limited to 'templates/index.html')
-rw-r--r-- templates/index.html 13
1 files changed, 9 insertions, 4 deletions
diff --git a/templates/index.html b/templates/index.html
index fdcddd8..baf6a6d 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -18,11 +18,13 @@
<div class="crumbs">
<a href="/git/forbidden-salamanders">source code</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-reuse">aes-gcm nonce reuse</a>
+ <a href="/forbidden-salamanders/nonce-reuse">nonce reuse</a>
+ <!--
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-truncation">aes-gcm nonce truncation</a>
+ <a href="/forbidden-salamanders/nonce-truncation">nonce truncation</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/key-commitment">aes-gcm key commitment</a>
+ <a href="/forbidden-salamanders/key-commitment">key commitment</a>
+ -->
</div>
</div>
<p>
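Review bot: The two crumbs wrapped in the new `<!--` ... `-->` pair are still delivered to every visitor, so the paths /forbidden-salamanders/nonce-truncation and /forbidden-salamanders/key-commitment stay readable in the page source even though the links no longer render. If these pages are meant to stay unannounced, delete the lines from the template (git history keeps them) or use a server-side template comment, if the template engine in use provides one, instead of an HTML comment.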
@@ -37,9 +39,10 @@
<p>
<strong><a href="/forbidden-salamanders/nonce-reuse">Nonce
reuse</a>.</strong> Due to rising entropy prices, Roseacrucis has
- started to reuse nonces. You must perform the Forbidden Attack in order to
+ started to reuse AES-GCM nonces. You must perform the Forbidden Attack in order to
recover the authentication key and forge arbitrary ciphertext.
</p>
+ <!--
<p>
<strong><a href="#">Nonce truncation</a>.</strong> The sorcerer
aims to conserve bandwidth by truncating nonces from twelve bytes
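Review bot: The changed line "started to reuse AES-GCM nonces. You must perform the Forbidden Attack in order to" now runs well past the width the neighbouring lines are wrapped to; re-wrap the paragraph so later diffs of it stay small. The `<!--` added before the "Nonce truncation" paragraph has no close in this hunk, so this hunk is only valid together with the `-->` added further down, and the two should stay in one commit.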
@@ -54,6 +57,7 @@
Library that decrypt to confidential information under one key, but
innocuous banter under another.
</p>
+ -->
<br>
<details>
<summary>
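Review bot: The `-->` added here closes a comment that spans paragraphs not shown in the diff context, and an HTML comment ends at the first `-->` it meets. Check that the hidden text between the opening `<!--` and this line contains no `-->` (and preferably no `--`), otherwise part of the challenge descriptions will render. As with the crumbs, the commented-out paragraphs remain visible in the page source.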
@@ -64,6 +68,7 @@
AES-GCM is a block cipher that accepts a key of 16 bytes,
a nonce of 12 bytes, plaintext, and additional authenticated data.
It returns ciphertext and a message authentication code (MAC).
+ The construction is <a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">specified by NIST</a>.
</p>
<p>
The ciphertext is computed as in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)">counter mode</a>, whereas the MAC is computed using the algorithm GMAC.
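Review bot: The link text "specified by NIST" on the added line does not say which document it points to; name it in the text (the URL is for SP 800-38D) so the reference survives if the csrc.nist.gov path changes. Now that the paragraph cites the specification, the unchanged wording just above is worth tightening in the same commit: it calls AES-GCM "a block cipher", while the linked document defines GCM as a mode of operation for a block cipher.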