SHA1 is not considered insecure for the purposes it is used in packages. Or, put another way, the insecurities that apply to those usages are not materially improved by using SHA256 instead of SHA1.
I think there are ways to do this that do not cause down-level problems and do not require back-porting. See my earlier suggestion about ways that mutual users of encrypted documents tend to be limited anyhow, because it requires exchange of a password. - Dennis -----Original Message----- From: libreoffice-bounces+dennis.hamilton=acm....@lists.freedesktop.org [mailto:libreoffice-bounces+dennis.hamilton=acm....@lists.freedesktop.org] On Behalf Of Kohei Yoshida Sent: Monday, August 15, 2011 06:33 To: Caolán McNamara Cc: Thorsten Behrens; LibreOffice Subject: Re: [Libreoffice] default ODF encryption/checksum algorithms changed in master. Good thing ? On Mon, 2011-08-15 at 11:05 +0100, Caolán McNamara wrote: > Since 5dd2784030e00fa1857b30ee8c5da62e221bfd32 (inherited change) the > default encryption and checksum algorithms used in our .odt export > changed, e.g. sha1 to sha256. They changed for settings of "ODF >= > 1.2". > > What it means in practice is that encrypted document exported from >= > 3.5/3.6 won't be openable in older versions, e.g. <= 3.4 > > There is a UseSHA1InODF12 and UseBlowfishInODF12 setting which is > currently disabled. > > Such a change shouldn't go unnoticed anyway. So... > a) is this a good thing that should be welcomed, with a "users using > older version of LibreOffice/OpenOffice.org should upgrade and/or hassle > their vendors for patched versions with support for these backported" IMO, we may have to backport this since, if the experience of the 3.4.x releases is repeated in the 3.5.x releases, we won't reach stabilization in the first couple of .x releases. So there will be a period we have 3.4 and 3.5 releases in parallel where we'll be recommending 3.4 over 3.5. Alternatively, we could provide in 3.5 a way to encrypt it using sha1, for backward compatibility. The downside is that sha1 is considered to be insecure - the very reason ODF has switched to sha256 in the first place. Or, we could disable sha256 in the 3.5.x releases until it reaches the point of stabilization and we start recommending it over 3.4. But I think, ultimately this would depend on the magnitude of code change required to backport it to 3.4.... Just my opinion. Kohei -- Kohei Yoshida, LibreOffice hacker, Calc <kohei.yosh...@suse.com> _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
