[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ODF 1.2 Part3 cd01 - 2.4.2 Default Encryption Algorithm: Salt
ODF 1.2 Part3 cd01 - 2.4.2 Default Encryption Algorithm: Salt It says in the text: "A random number generator initialized with the current time is used to generate a 16-byte salt for each file." I propose to replace this with: "A random number generator which is initialized in a manner depending on the current time is used to generate a 16-byte salt for each file." Justification for the proposed change: Depending on circumstances, an attacker might be able to manipulate the what the machine that handles the encryption considers to be the current time. Robustness against this kind of attack can be improved if in addition to the time, a more reliable source of randomness is used. That should not be forbidden by the standard. Greetings, Norbert -- siug.ch -- Swiss Internet User Group, an initiative of /ch/open adaptux.com -- Empowering adaptation of IT to your business processes
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]