Re: [office] Passwords

[Daniel Carrera <daniel.carrera@zmsl.com>]

On Tue, 2006-28-11 at 14:04 -0500, Patrick Durusau wrote:
> Not exactly.
> 
> If the file associations are not editable by the user, limiting opening 
> of the file to the use of an ODF compliant application and they are 
> denied access to a DOS command window (with edit or something similar) 
> it can be made relatively secure.

Well, it seems unlikely that a user would be in an environment that lets
them read the XML contents but not edit them.

But I can think of another reason to use hash though: To protect the
password itself, in the event that the document owner chooses to use the
same password elsewhere (which is common).

So, we want a hash that is pre-image resistant. SHA1 qualifies for now,
but I do note that RSA expects to see pre-image attacks in the next 5-10
years. Are we satisfied with that or should we ask for something higher?

Maybe we can take a middle position and say that SHA1 is allowed but we
recommend applications to move to something else in the future. The spec
could say something like this:

--------
The hash can be any of: SHA1, SHA-256, SHA-512 and WHIRLPOOL. The
committee notes that SHA1 is included for compatibility with current
applications but recommends moving to one of the other algorithms in the
coming years.
--------

I think that's a reasonable balance. It doesn't cause immediate hassle
for developers.

But what will we do, say, 8 years from now, when SHA1 is no longer
considered acceptable? Do we change the spec to disallow SHA1? If so,
then some old documents will become invalid. This is a general problem
with any hash or encryption algorithm; one day Blowfish might be broken
and we may have to choose a different algorithm.

Best,
Daniel.
-- 
"I AM in shape. Round IS a shape."

This is a digitally signed message part