OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (OFFICE-3709) ODF 1.3: Package Encryption Enhancements

     [ https://issues.oasis-open.org/browse/OFFICE-3709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Durusau updated OFFICE-3709:
    Fix Version/s: ODF-Next
                       (was: ODF 1.4)

> ODF 1.3: Package Encryption Enhancements
> ----------------------------------------
>                 Key: OFFICE-3709
>                 URL: https://issues.oasis-open.org/browse/OFFICE-3709
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Improvement
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.3, ODF 1.2 COS 1
>         Environment: This is an enhancement, described in terms of changes to OpenDocument-v1.2-os-part3
>            Reporter: Dennis Hamilton
>            Priority: Major
>             Fix For: ODF-Next
> In the default encryption method for packages, the same start-key, the SHA1 digest of the user-entered-password, is used for all key generations for encrypting the individual parts of the package.  Although the start-key is a secret, its successful attack permits decryption of the entire package.
> This proposal adds a method by which the start key is different for every key generation, relying on the cryptographically-random and different manifest:salt that is created for each key generation.  This means that successful attack of one start key does not provide the start key for any of the other encryptions.
> Note: This procedure does not materially impact attacks on the user-specified password, which remain at least as vulnerable as memorable passwords generally are.
> In addition, the proposal adds an additional manifest:checksum-type that employs a message-authentication procedure on the entire compressed plaintext file.  HMAC-SHA1 is used.  The resulting checksum value is the same size as the current manifest:checksum.  However, the MAC is created over the entire compressed plaintext and the key for the MAC is the derived key used in the encryption and decryption of the same file.  This accomplishes password-based authentication along with the password-based encryption/decryption.

This message was sent by Atlassian Jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]