OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2723) ODF 1.2 Part 33.4.2(3) Blowfish CFB Frame Size Not Specified

    [ http://tools.oasis-open.org/issues/browse/OFFICE-2723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22398#action_22398 ] 

Dennis Hamilton commented on OFFICE-2723:

I don't believe we can do that.  Without knowing that 8-bit CFB is used, we do not know if the plaintext and ciphertext are the same size.  However, we specify no procedure to use when the sizes are different.

I am assuming that 8-bit CFB is used in current implementations of Blowfish CFB and we need to be clear about that, even if this is no longer the default encryption algorithm in a future version.

The resolution being developed for OFFICE-2722 does not relieve us from specifying this case.

> ODF 1.2 Part 3 3.4.2(3) Blowfish CFB Frame Size Not Specified
> -------------------------------------------------------------
>                 Key: OFFICE-2723
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2723
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2 CD 05
>         Environment: This issue applies to all versions of ODF since ODF 1.0.  The specific section and wording is that of ODF 1.2 Part 3 CD01-rev08 (and the approved form, ODF 1.2 CD05 Part 3).
>            Reporter: Dennis Hamilton
>            Assignee: Dennis Hamilton
>             Fix For: ODF 1.2 CD 06
> In Part 3 section 3.4.2(3), it is stated that encryption (and the corresponding decryption) use "the Blowfish algorithm in cipher feedback (CFB) mode (see [Blowfish])."
> CFB mode is described in section 9.6 Cipher-Feedback Mode of [Blowfish].  CFB mode provides for encryption in different frame sizes up to the block size of the encryption algorithm.  In the case of Blowfish, the block size is 64 bits.  Different CFB frame sizes (e.g., 1, 8, 16, and 32 bits) do not result in the same ciphertext.
> To decrypt a file encrypted with CFB, it is necessary to know the frame size that was used for the encryption.  If the frame size is not one that exactly divides 8, it must also be know how the last octets of the ciphertext are produced such that the ciphertext is of the same size as the original plaintext or how the exact plaintext size is to be recovered.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]