[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [office] The problem of visible hashes for protection keys
Nice analysis. Thanks David, Here are the places in ODF 1.1, with the attribute always storing a key-verification hash (now documented in ODF 1.2 as being SHA-1): 4.4.1 Section Attributes, Protected Section subsection, text:protection-key attribute 8.1.1 Table Element, Protected subsection, table:protection-key attribute 8.5.1 Document Protection, table:protection-key attribute [applies to spreadsheets] By virtue of sharing the sectionAttr RNG pattern defined in 4.4.1, protection keys are also allowed on the following elements: 7.3.2 <text:index-title>, 7.3 <text:table-of-content>, 7.4 <text:illustration-index>, 7.5 <text:table-index>, 7.6 <text:object-index>, 7.7 <text:user-index>, 7.8 <text:alphabetical-index>, and 7.9 <text:bibliography>. In ODF 1.2, the additional attributes table:protection-key-digest-algorithm and text:protection-key-digest-algorithm are added to go with the corresponding table:protection-key and text:protection-key occurrences, except it is missing for <text:object-index>. The default is SHA1 and ODF 1.2 consumers are required to support SHA256 also. The digest algorithms are identified by IRI, and new ones can be added, but the explanation for 19.700 and 19.853 *:protection-key-digest-algorithm is a little strange. I will turn in a JIRA issue on these and the omission if there are none already. - Dennis -----Original Message----- From: David LeBlanc [mailto:dleblanc@exchange.microsoft.com] Sent: Saturday, October 30, 2010 16:20 To: dennis.hamilton@acm.org; 'ODF TC List' Subject: RE: [office] The problem of visible hashes for protection keys [ ... ] My recommendation is to use a real key derivation function to create a password verifier. It can be a bit of a problem to deal with versioning - if you change this, then an older version of the software obviously cannot verify the password. However, due to the severity of disclosing passwords, I'd tend to recommend against implementing a feature that exposes passwords in that manner. Just how widespread is this past usage? I do not recall seeing it in the v1.1 spec, but I may have missed it. If this is something new to this version, I'd strongly recommend doing it right, even if there are existing implementations. [ ... ]
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]