[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Default encryption algorithm concerns
I'd like to add to, maybe duplicate some of the issues that David has raised. Part 3 defines in section 2.4.2 "Encryption Process using default algorithms" . This is encryption using SHA1 and Blowfish. These algorithms are not, I believe, well suited for a "default" algorithm. In particular: 1) The use of SHA1 is going to be a red flag for many. It is generally considered weak and is being phased out. For example, the US list of cryptographic hashes permitted for government use, what we call FIPS800-131 says that SHA1 will not be permitted after 2010. 2) Blowfish is also not on the FIPS list. We also heard via public comment that it is not on the approved list in Japan. To be fair we should note that these algorithms are from ODF 1.1 and are implemented. So I would not suggest we remove them altogether. But I think we should call the the section "Encryption Process using legacy algorithms" and state that it "should not" be used for new documents. Do we need to have a procedure that we call the "default"? If so, I'd recommend one based on SHA2/AES128. In section 3.8.1 we currently say: "Package producers that support encryption shall support the value Blowfish CFB. Package consumers that support encryption shall support the values Blowfish CFB and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish." I don't think we want to require that package producers support the legacy method, especially if it is known to be weak. So I suggest eliminating that bullet paragraph altogether, or require the use of SHA2/AES128 if there is consensus to have that be the "default" algorithm -Rob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]