OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office-comment] ODF 1.1: Heads up on Document Crypto

On Monday 07 July 2008 01:35:26 pm robert_weir@us.ibm.com wrote:
> "Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 07/04/2008
> 12:08:38 PM:
> > David Leblanc is a serious cryptography maven at Microsoft.
> > http://blogs.msdn.com/david_leblanc/archive/2008/07/03/office-
> > crypto-follies.aspx
> > is a great post on the different uses of obfuscation and
> > cryptography for Office documents, from the binaries up to OOXML (I
> > assume he means Office 2007).
> >
> > There are observations on ODF 1.1 cryptography, related to the
> > maturing understanding of cryptography for Microsoft Office
> > documents, at the end of the blog post.
> Ah, he is not a fan of Blowfish, I see.
There were three complaints:
1. Password hashing count iteration is "1000" (sic - should be 1024)

2. Encryption algorithm type

3. Integrity check is same as password verification

Fixing 1 would be trivial, although arbitrary. I don't know what OOo does, but 
KDE's Okular reader and KOffice both already read the iteration-count from 
the file format if present.

FIxing 2  would require a bit more work, but AES (128, 192 or 256), triple DES 
or CAST5 would be no problem for the KDE apps. 

I don't see the issue with 3. The complaint is "There is no way to know 
whether the user has the wrong password, or whether a bit got flipped. This 
has the potential for data loss, though I'd suppose one could build a special 
tool to just try the decryption." I don't see bit flipping as a big issue 
given the zip file format, but if we are doing algorithm agility, we could 
introduce GCM.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]