[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office-comment] ODF 1.1: Heads up on Document Crypto
On Monday 07 July 2008 01:35:26 pm robert_weir@us.ibm.com wrote: > "Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 07/04/2008 > > 12:08:38 PM: > > David Leblanc is a serious cryptography maven at Microsoft. > > http://blogs.msdn.com/david_leblanc/archive/2008/07/03/office- > > crypto-follies.aspx > > is a great post on the different uses of obfuscation and > > cryptography for Office documents, from the binaries up to OOXML (I > > assume he means Office 2007). > > > > There are observations on ODF 1.1 cryptography, related to the > > maturing understanding of cryptography for Microsoft Office > > documents, at the end of the blog post. > > Ah, he is not a fan of Blowfish, I see. There were three complaints: 1. Password hashing count iteration is "1000" (sic - should be 1024) 2. Encryption algorithm type 3. Integrity check is same as password verification Fixing 1 would be trivial, although arbitrary. I don't know what OOo does, but KDE's Okular reader and KOffice both already read the iteration-count from the file format if present. FIxing 2 would require a bit more work, but AES (128, 192 or 256), triple DES or CAST5 would be no problem for the KDE apps. I don't see the issue with 3. The complaint is "There is no way to know whether the user has the wrong password, or whether a bit got flipped. This has the potential for data loss, though I'd suppose one could build a special tool to just try the decryption." I don't see bit flipping as a big issue given the zip file format, but if we are doing algorithm agility, we could introduce GCM. Brad
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]