diff --git a/programs/README.md b/programs/README.md
index 31b7e2a2f..7075ae2dd 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -5,8 +5,8 @@ This subdirectory mostly contains sample programs that illustrate specific featu
 
 ## Symmetric cryptography (AES) examples
 
-* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication, demonstrating the low-level AES interface and HMAC.  
-  Warning: this program illustrates how to roll your own block cipher mode. Most applications should not do this and should instead use the standard library functions (e.g. `mbedtls_aes_crypt_cbc`).
+* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.  
+  Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
 
 * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.