On 05/12/2014 08:32 AM, Jürgen Schmidt wrote:
> On 5/6/14 12:49 AM, Kay Schenk wrote:
>> On Wed, Apr 30, 2014 at 1:53 AM, Jürgen Schmidt <jogischm...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> for AOO 3.4 we had already discussed and later on reverted a change to
>>> enable the ODF Document encryption AES-256 by default.
>>>
>>> Some time ago I played with a new option field to allow the user to
>>> enable this option as new default, see [1]
>>>
>>> By default the office still uses the old blowfish algorithm but with
>>> this new option the user can enable the ODF 1.2 encryption. Well it is a
>>> minimal change to improve the current situation and allow the user to
>>> make use of what we already have.
>>>
>>> What does it mean in detail when we integrate this change?
>>>
>>> 1. No change as long as this option is not enabled
>>> 2. Option enabled and ODF 1.2 encryption is now default
>>>
>>
>> Would you happen to have a link to this in the ODF 1.2 spec? I can't seem
>> to find this...sorry.
> 
> not directly but you can review
> 
> http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2-part3.pdf
> 
> Section 4.5 describes the attribute <manifest:algorithm> and there you
> find a reference to 4.8.1 <manifest:algorithm-name> where the first
> bullet point lists
> 
> "An IRI listed in §5.2 of [xmlenc-core]: The algorithm and mode
> specified in §5.2 of [xmlenc-core] for this IRI."
> 
> [xmlenc-core] is defined on page 9 and links to
> http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ and under 5.2 you
> find Block Encryption Algorithms
> 
> I think all these algorithms are supported theoretically, but practically I
> know that OpenOffice supports Blowfish and AES-256.
> 
> Maybe others can provide more details here. I am really no expert in
> this area ;-)
> 
> Juergen
> 
> 

Ok, thanks. The reason I asked is because I could only find a reference
to blowfish, and not AES-256 anywhere.

> 
> 
>>
>>
>>
>>> 2.1 New documents stored with password can't be loaded on older office
>>> versions
>>> 2.2 New or existing documents stored in older versions can still be
>>> loaded in the new office
>>> 2.3 Documents stored in an older version (with the old algorithm) and
>>> loaded in the new office work as expected. Changes made in the document
>>> and stored with the new office still use the old algorithm and the
>>> document can later on be opened in older office versions.
>>>
>>> From my point of view there is still room for improvements but it is a
>>> first useful step to move forward to a more secure algorithm and give
>>> the user the opportunity to tweak the settings in the preferred way.
>>>
>>> I would like to propose to integrate this change and test how well it
>>> works.
>>>
>>> Any opinions? Well keep in mind it is a minimal enhancement to make use
>>> of what we already have. There is still room for improvements ...
>>>
>>>
>>> Juergen
>>>
>>>
>>> [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>>> For additional commands, e-mail: dev-h...@openoffice.apache.org
>>>
>>>
>>
>>
> 
> 

-- 
-------------------------------------------------------------------------
MzK

"Life is either a daring adventure, or nothing."
                               -- Helen Keller

