OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office] The problem of visible hashes for protection keys

There is a mistake in the previous note.  There is a
<text:protection-key-digest-algorithm> option for <text:object-index>.  I
double-checked the schema and rechecked ODF 1.2 CD05, and it is indeed

 - Dennis

-----Original Message-----
From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org] 
Sent: Saturday, October 30, 2010 17:46
To: 'David LeBlanc'; 'ODF TC List'
Subject: RE: [office] The problem of visible hashes for protection keys

Nice analysis.  Thanks David,

Here are the places in ODF 1.1, with the attribute always storing a
key-verification hash (now documented in ODF 1.2 as being SHA-1):

4.4.1 Section Attributes, Protected Section subsection, text:protection-key

8.1.1 Table Element, Protected subsection, table:protection-key attribute

8.5.1 Document Protection, table:protection-key attribute [applies to

By virtue of sharing the sectionAttr RNG pattern defined in 4.4.1,
protection keys are also allowed on the following elements: 7.3.2
<text:index-title>, 7.3 <text:table-of-content>, 7.4
<text:illustration-index>, 7.5 <text:table-index>, 7.6 <text:object-index>,
7.7 <text:user-index>, 7.8 <text:alphabetical-index>, and 7.9

In ODF 1.2, the additional attributes table:protection-key-digest-algorithm
and text:protection-key-digest-algorithm are added to go with the
corresponding table:protection-key and text:protection-key occurrences,
except it is missing for <text:object-index>.  The default is SHA1 and ODF
1.2 consumers are required to support SHA256 also.  The digest algorithms
are identified by IRI, and new ones can be added, but the explanation for
19.700 and 19.853 *:protection-key-digest-algorithm is a little strange.  I
will turn in a JIRA issue on these and the omission if there are none

 - Dennis

-----Original Message-----
From: David LeBlanc [mailto:dleblanc@exchange.microsoft.com] 
Sent: Saturday, October 30, 2010 16:20
To: dennis.hamilton@acm.org; 'ODF TC List'
Subject: RE: [office] The problem of visible hashes for protection keys

[ ... ]
My recommendation is to use a real key derivation function to create a
password verifier. It can be a bit of a problem to deal with versioning - if
you change this, then an older version of the software obviously cannot
verify the password. However, due to the severity of disclosing passwords,
I'd tend to recommend against implementing a feature that exposes passwords
in that manner.

Just how widespread is this past usage? I do not recall seeing it in the
v1.1 spec, but I may have missed it. If this is something new to this
version, I'd strongly recommend doing it right, even if there are existing

[ ... ] 

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]