[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Proper identifier for Excel-style digest algorithm
Hello Bob, On Tue, 2008-07-08 at 00:43 +0200, Bob Jolliffe wrote: > But it does give rise to the question: are we going to support saving > passwords hashed using iso-29500-legacy-hash in odf v1.2? Currently I > guess we do as we leave the choice of algorithm completely open. Its > a tricky one. I would suggest that applications, such as openoffice, > should be free to implement the algorithm for reading and writing .xls > or .doc files, but I would strongly discourage its use in odf files. Understood. Just to clarify on this point. It is not our intention to have OpenOffice aggressively use a password hash generated by Excel's legacy hashing algorithm in ODF unless there is no other options. One such case is when opening an xls file that already has a password hash (for a protected worksheet, document structure etc), and saving it immediately as ODF. At that point, all that is available is the xls-legacy hash value, so we'd have no choice but to save it in ODF. If the user ever re-types or changes the password, then we would generate a new hash using a recommended hash algorithm (SHA1 or better). In other words, we are doing this only to deal with legacy documents. So, rest assured. :-) Kohei -- Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc. <kyoshida@novell.com>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]