Explain aescrypt2 better and warn that it doesn't do things properly
diff --git a/programs/README.md b/programs/README.md
index 31b7e2a..7075ae2 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -5,8 +5,8 @@
## Symmetric cryptography (AES) examples
-* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication, demonstrating the low-level AES interface and HMAC.
- Warning: this program illustrates how to roll your own block cipher mode. Most applications should not do this and should instead use the standard library functions (e.g. `mbedtls_aes_crypt_cbc`).
+* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
+ Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.