OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Commented: (OFFICE-2639) NEEDS-DISCUSSION:Prepare Deprection of Visible Hashed Copies of Passwords



    [ http://tools.oasis-open.org/issues/browse/OFFICE-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18720#action_18720 ] 

Malte Timmermann commented on OFFICE-2639:
------------------------------------------

Dennis, maybe I didn't read your comments carefully enough - I had the impression you wanted to get rid of the hashed values now everywhere.
If it's just about not allowing them anywhere except where they are used now, fine for me.

Thorsten, I didn't look for alternatives but simply concluded from Dennis comment "once superior methods are available" that they would not be available now.


> NEEDS-DISCUSSION: Prepare Deprection of Visible Hashed Copies of Passwords
> --------------------------------------------------------------------------
>
>                 Key: OFFICE-2639
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2639
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Security, Table, Text
>    Affects Versions: ODF 1.0, ODF 1.0 (second edition), ODF 1.1, ODF 1.2, ODF 1.2 Part 1 CD 4 
>         Environment: use of *:protection-key attributes in all applications of OpenDocument text and spreadsheet documents.
>            Reporter: Dennis Hamilton
>            Priority: Blocker
>             Fix For: ODF 1.2 Part 1 CD 5
>
>
> Since ODF 1.0, there is a security vulnerability in the use of hashed copies of passwords as values of *:protection-key attributes.  Having the hashed password copies retrievable from the document permits discovery of the password and attack on other uses of it.
> Although a number of cases are already implemented, using SHA-1 and apparently SHA-256, it is proposed to prepare for deprecation of  *:protection-key usages where the value of the attribute is a directly-derived as a hash-coded copy of a potentially-memorable/-reusable password.
> No safe algorithm is proposed, since there is no known-safe implementation currently in use.  Such implementations are known to be possible, however.
> To make room for introduction of safe algorithms that do not depend on the OpenDocument producer and consumer ever receiving an user secret in any form recoverable or verifiable from the document, this proposal simply restates the current provisions so that non-hashed-password methods can be introduced without expanding the number of attributes or interfereing with current implementations.
> In order to accomplish this, the repetitious restatements of how *:protection-key works are also removed from all places except where that attribute and *:protection-key-digest-algorithm are defined directly.
> NOTE 1: These changes impact and supersede the Issues OFFICE-2561, OFFICE-2562, and OFFICE-2563
> NOTE 2: These changes are solely for allowing remedy to the use of hashed copies of passwords.  No effort is made to resolve other questions that might apply in how protections work and are specified.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]