[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Commented: (OFFICE-3709) ODF 1.3: PackageEncryption Start-Key Enhancement
[ http://tools.oasis-open.org/issues/browse/OFFICE-3709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26663#action_26663 ]
Dennis Hamilton commented on OFFICE-3709:
-----------------------------------------
I forgot to include similar adjustments to manifest:checksum in the proposal. (This could be separate, but the front page change is the same, so they might as well both be here.)
Here are the changes I will make:
1. Change the title of this issue to "ODF 1.3: Package Digest Algorithm Enhancements"
2. Add a new section title, "3. Section 4.8.3 manifest:checksum-type"
In the new section, add
http://docs.oasis-open.org/ns/office/1.3/security#sha1-1k-smac
The Package producer and Package consumer conformance is adjusted similarly to the case for the encryption start-key.
The new algorithm is as follows:
manifest:checksum is a string of forty octets. The first 20 octets are the value mac, The remaining 20 octets are the value of salt
salt is a cryptographically-random 160 bit value
mac = HMAC-SHA1(salt, plain1k)
where plain1k is the first 1024 bytes of the compressed unencrypted file, or the entire compressed unencrypted file if its length is less than 1024 bytes.
NOTE: This form is used since HMAC-SHA1 is presumed to be already available as part of the default PBKDF2 key-generation algorithm. Note further that, while the HMAC salt parameter is generally a secret authentication key, in this case the "secret" is the plain1k stream.
> ODF 1.3: Package Encryption Start-Key Enhancement
> -------------------------------------------------
>
> Key: OFFICE-3709
> URL: http://tools.oasis-open.org/issues/browse/OFFICE-3709
> Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
> Issue Type: Improvement
> Components: Packaging, Part 3 (Packages), Security
> Affects Versions: ODF 1.2
> Environment: This is an enhancement, described in terms of changes to OpenDocument-v1.2-cs01-part3
> Reporter: Dennis Hamilton
> Assignee: Dennis Hamilton
> Fix For: ODF 1.3 CSD 01
>
>
> In the default encryption method for packages, the same start-key, the SHA1 digest of the user-entered-password, is used for all key generations for encrypting the individual parts of the package. Although the start-key is a secret, its successful attack permits decryption of the entire package.
> This proposal adds a method by which the start key is different for every key generation, relying on the cryptographically-random and different manifest:salt that is created for each key generation. This means that successful attack of one start key does not provide the start key for any of the other encryptions.
> Note: This procedure does not materially impact attacks on the user-specified password, which remain at least as vulnerable as memorable passwords generally are.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]