OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office-comment] ODF 1.1: Heads up on Document Crypto

Robert Weir wrote:

>AES is not a panacea either.  I know that some foreign governments are
>suspicious of anything that the NSA says is OK for use.  So best to
>a choice of several strong algorithms.

Mmm, at least AES is a standard, so like I suggested before, let's go
for at least Blowfish and AES. If you don't trust AES, you can use
Blowfish and if you need a NSA-approved cipher, go with AES.

If that isn't enough, I would suggest using the algorithms mentioned in 
OpenPGP / RFC4880 (TripleDES, AES-128, CAST5, IDEA, Blowfish and
Those algorithms have already been implemented in freely available
crypto libraries (like Bouncy Castle in Java/C# and Botan in C++), so
most developers don't have to write these routines themselves...

Best regards


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]