office-comment message



Subject: ODF 1.2 Part3 cd01 - 2.4.2 Default Encryption Algorithm: Salt


ODF 1.2 Part3 cd01 - 2.4.2 Default Encryption Algorithm: Salt

It says in the text:

  "A random number generator initialized with the current time is used
  to generate a 16-byte salt for each file."

I propose to replace this with:

  "A random number generator which is initialized in a manner depending
  on the current time is used to generate a 16-byte salt for each file."

Justification for the proposed change: Depending on circumstances, an
attacker might be able to manipulate what the machine that handles
the encryption considers to be the current time. Robustness against
this kind of attack can be improved if in addition to the time, a more
reliable source of randomness is used. That should not be forbidden by
the standard.

Greetings,
Norbert

-- 
siug.ch     -- Swiss Internet User Group, an initiative of /ch/open
adaptux.com -- Empowering adaptation of IT to your business processes
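
The difference between the two wordings discussed in the message above, as an added example that is not part of the original message or of the ODF specification. The function names and the choice of SHA-256 to combine the time with operating-system entropy are assumptions made for illustration.

```python
import hashlib
import os
import random
from typing import Callable, Optional

SALT_LEN = 16  # the 16-byte per-file salt quoted from 2.4.2


def salt_time_only(now: int) -> bytes:
    """Current wording: a PRNG initialized with the current time only.
    The salt is a pure function of the clock value."""
    rng = random.Random(now)
    return bytes(rng.getrandbits(8) for _ in range(SALT_LEN))


def salt_time_plus_entropy(now: int, entropy: Optional[bytes] = None) -> bytes:
    """Proposed wording: initialization depends on the time, and may also
    use a more reliable source (assumed here: os.urandom)."""
    if entropy is None:
        entropy = os.urandom(32)
    seed = hashlib.sha256(now.to_bytes(8, "big") + entropy).digest()
    return seed[:SALT_LEN]


def distinct_salts(gen: Callable[[int], bytes], now: int, files: int) -> int:
    """Number of different salts produced for `files` files while the
    clock reads the same value `now` for every one of them."""
    return len({gen(now) for _ in range(files)})


if __name__ == "__main__":
    pinned_clock = 1_250_000_000  # constructed sample timestamp
    for gen in (salt_time_only, salt_time_plus_entropy):
        n = distinct_salts(gen, pinned_clock, 5)
        print(f"{gen.__name__}: {n} distinct salt(s) for 5 files")
```

With the clock held at one value, the time-only generator gives every file the same salt, while the variant that also draws on operating-system entropy still gives each file its own.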

