[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office-comment] ODF 1.1: Heads up on Document Crypto
"Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 07/04/2008 12:08:38 PM: > David Leblanc is a serious cryptography maven at Microsoft. > http://blogs.msdn.com/david_leblanc/archive/2008/07/03/office- > crypto-follies.aspx > is a great post on the different uses of obfuscation and > cryptography for Office documents, from the binaries up to OOXML (I > assume he means Office 2007). > > There are observations on ODF 1.1 cryptography, related to the > maturing understanding of cryptography for Microsoft Office > documents, at the end of the blog post. > Ah, he is not a fan of Blowfish, I see. We should probably look at this. Although it is nice to have a single, patent-free algorithm specified, that does put us in the position of having the format potentially obsoleted overnight if Blowfish were broken. The safer practice is to allow a number of strong algorithms. The downside is that this makes more work for implementors, and could reduce interoperability (you can only exchange with those applications that support the same algorithm that your document was encrypted with). AES is not a panacea either. I know that some foreign governments are suspicious of anything that the NSA says is OK for use. So best to allow a choice of several strong algorithms. -Rob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]