OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Proper identifier for Excel-style digest algorithm


Kohei Yoshida <kyoshida@novell.com> wrote on 07/07/2008 03:03:46 PM:

> Hi there,
>
> I've already asked privately to Michael and Rob, and I think it's
> appropriate to ask this list.
>
> I'm working on supporting the password hash algorithm that Excel uses to
> hash worksheet and document passwords in OOo.  Luckily this doesn't
> require any modification to the ODF schema since ODF already allows
> alternative digest algorithm as described in Section 18.972
> table:protected (as of v1.2 draft7-3).  But I'd like to correctly
> associate and document this Excel-style algorithm in the ODF spec.
>
> The algorithm itself is documented in Section 3.3.1.81 of ECMA TC-45
> OOXML specification.  The code contained therein, however, is not
> entirely correct, so I posted the correct algorithm in my blog page[1]
> for now.  I assume the final version of the OOXML spec will contain the
> correct algorithm, but so far, the latest (public) version of the spec
> that I have access to still contains the old, incorrect version.
>
> The question I'd like to ask the list members is this: what identifier
> should we use as the value of the table:protection-key-digest-algorithm
> attribute to refer to the new algorithm?  The current definition for
> this attribute:
>
> <attribute name="table:protection-key-digest-algorithm"
>            a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
>     <ref name="anyURI"/>
> </attribute>
>
> suggests that the name must be a URI.  But I'm not sure what URI to use
> for this new algorithm.
>
> Any ideas, anyone?
>

How does OOXML, in their revised text, refer to the legacy algorithm?  I thought they also supported modern algorithms now like SHA256.  So they must have some way of indicating or referring to the legacy algorithm.  It might not be a URI, but they must describe it somehow, right?  If all else fails, call it something like "ISO/IEC 29500 Legacy Hash".

Ideally we would refer to either ISO/IEC 29500, section 3.3.1.81 or  Ecma-376 (second edition) whenever either one of those documents appears in a publicly viewable form.  I don't think we want to duplicate their algorithm definition if we can avoid doing so.  Better to reference what they already have, when it is corrected.

-Rob

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]