randomness/security (ODF 1.2 Part 3 Draft 12)

["Alex Brown" <alexb@griffinbrown.co.uk>]

Dear all,

3.4.2:

----b
A random number generator initialized with the current time is used to
generate a 16-byte salt for each file.
----e

Why is it normatively defined the random number generator is to be
"initialized with the current time"?

And what does that mean?

If the "current time" is granular (in milliseconds say) and this
provision is taken to mean the current time is re-assessed for each
file, then does this not make it likely the random number generator will
be "initialized" with the same value each time, and so the generated
salt will be identical for each file will be the same?

An attacker having access to the source code and some knowledge of the
document creation time would have more an advantage in attacking the
encryption, wouldn't they, if this constraint applies.

Suggest: "For each file a random 16-byte salt shall be generated".

- Alex.