OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [office] Passwords


On Tue, 2006-28-11 at 16:42 +0100, Michael Brauer - Sun Germany - ham02
- Hamburg wrote:
> actually, the "password" we are talking about do not belong to a 
> security feature like digital signatures or encryption, but are only 
> passwords that an office application user interface may request before a 
> user may remove the write protection of a text section or table.

For this purpose any hash will do fine since an attacker could always
just edit the XML to not require a password, correct?

> The hash values we are talking about are only used to encode the 
> password itself.

Am I right to understand that any user could just edit the XML and
remove the password protection? If that is the case, then any hash will
be only marginally better than plain text.

Daniel.
-- 
"I AM in shape. Round IS a shape."

This is a digitally signed message part



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]