OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3709) ODF 1.3: PackageEncryption Start-Key Enhancement

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26663#action_26663 ] 

Dennis Hamilton commented on OFFICE-3709:

I forgot to include similar adjustments to manifest:checksum in the proposal.  (This could be separate, but the front page change is the same, so they might as well both be here.)

Here are the changes I will make:

 1. Change the title of this issue to "ODF 1.3: Package Digest Algorithm Enhancements"
 2. Add a new section title, "3. Section 4.8.3 manifest:checksum-type"

In the new section, add


The Package producer and Package consumer conformance is adjusted similarly to the case for the encryption start-key.

The new algorithm is as follows:

manifest:checksum is a string of forty octets.  The first 20 octets are the value mac, The remaining 20 octets are the value of salt

   salt is a cryptographically-random 160 bit value

   mac = HMAC-SHA1(salt, plain1k)

where plain1k is the first 1024 bytes of the compressed unencrypted file, or the entire compressed unencrypted file if its length is less than 1024 bytes.

NOTE: This form is used since HMAC-SHA1 is presumed to be already available as part of the default PBKDF2 key-generation algorithm.  Note further that, while the HMAC salt parameter is generally a secret authentication key, in this case the "secret" is the plain1k stream.

> ODF 1.3: Package Encryption Start-Key Enhancement
> -------------------------------------------------
>                 Key: OFFICE-3709
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3709
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Improvement
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2
>         Environment: This is an enhancement, described in terms of changes to OpenDocument-v1.2-cs01-part3
>            Reporter: Dennis Hamilton
>            Assignee: Dennis Hamilton
>             Fix For: ODF 1.3 CSD 01
> In the default encryption method for packages, the same start-key, the SHA1 digest of the user-entered-password, is used for all key generations for encrypting the individual parts of the package.  Although the start-key is a secret, its successful attack permits decryption of the entire package.
> This proposal adds a method by which the start key is different for every key generation, relying on the cryptographically-random and different manifest:salt that is created for each key generation.  This means that successful attack of one start key does not provide the start key for any of the other encryptions.
> Note: This procedure does not materially impact attacks on the user-specified password, which remain at least as vulnerable as memorable passwords generally are.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]