OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office] [OASIS Issue Tracker] Commented: (OFFICE-3703) Proposal: ODF 1.3 Protection-Key Enhancements

PKCS5 and PBKDF2 were exactly where I was headed, and beyond.  I am wrapping up the revised proposal this evening.

 - Dennis

-----Original Message-----
From: office@lists.oasis-open.org [mailto:office@lists.oasis-open.org] On Behalf Of David LeBlanc
Sent: Monday, June 11, 2012 11:22
To: OASIS Issues Tracker; office@lists.oasis-open.org
Subject: RE: [office] [OASIS Issue Tracker] Commented: (OFFICE-3703) Proposal: ODF 1.3 Protection-Key Enhancements

IMHO, the right thing to do is this - http://www.ietf.org/rfc/rfc2898.txt

I recommend using a good bit of salt - in any application having to do with a document, 16 bytes is cheap, and if you then use a spin count of 50,000 or more, cracking a reasonably strong password becomes prohibitively expensive.

Use of any salt at all prevents a direct comparison. Note that the strength of the hash really isn't much of a factor in this scenario, but I'd still go for sha256.

-----Original Message-----
From: office@lists.oasis-open.org [mailto:office@lists.oasis-open.org] On Behalf Of OASIS Issues Tracker
Sent: Saturday, June 9, 2012 6:56 AM
To: office@lists.oasis-open.org
Subject: [office] [OASIS Issue Tracker] Commented: (OFFICE-3703) Proposal: ODF 1.3 Protection-Key Enhancements

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=30582#action_30582 ] 

Dennis Hamilton commented on OFFICE-3703:


When unsalted SHA1 hash values are used to authenticate passwords, those passwords are compromised when the hash value becomes known.  The ODF 1.0/1.1/1.2 protection-key values are never secret and can be extracted from ODF documents quite easily.

Recent prominent cases of mass disclosures of hash values and crowd-sourced cracking of the passwords demonstrate that this use of passwords for protection keys is forever unsafe and must be repaired.  Use of "stronger" digest algorithms and addition of salt values are not strong remedies.

Consequently, I will replace the current proposal (version 1.04).

The new proposal will introduce a default method that can never be used to compromise a password.  In case there is some requirement where a password must still be usable, there will be a protection-key method that makes discovery of the associated password extremely difficult.  Neither form of protection-key value is usable, by itself, in a transitive attack (e.g., on an ODF encryption).

The new version will be available in the next few days.

> Proposal: ODF 1.3 Protection-Key Enhancements
> ---------------------------------------------
>                 Key: OFFICE-3703
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3703
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Improvement
>          Components: Table, Text
>    Affects Versions: ODF 1.2 COS 1
>         Environment: This is an enhancement, described in terms of changes to OpenDocument-v1.2-cs01.
>            Reporter: Dennis Hamilton
>            Assignee: Dennis Hamilton
>             Fix For: ODF 1.3 CSD 01
>    The use of password hashes in easily-discovered XML element and attribute    values is subject to compromise of the hashed password.  Although the use    of increasingly-stronger digest algorithms may lengthen the time required    for carrying out a brute-force attack on the hash, memorable passwords    remain subject to compromise and the attack becomes easier as processor    technology advances.
>    In addition, the presence of hashes in plain sight in XML documents allows the digest value to be easily compared with the same digest value elsewhere, revealing worthy targets to an adversary.  In addition, the digest value is easily removed/replaced.  And an extracted digest value can be repurposed for malicious purposes.
>    This proposal introduces two protection-key digest algorithms that are intended to mitigate (but not eliminate) risks associated with use of digest algorithms and provision of the digests in plain view in XML documents.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: office-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: office-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]