Hi, for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.
Some time ago I played with a new option field to allow the user to enable this option as new default, see [1] By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have. What does it mean in detail when we integrate this change? 1. No change as long as this option is not enabled 2. Option enabled and ODF 1.2 encryption is now default 2.1 New documents stored with password can't be loaded on older office versions 2.2 New or existing documents stored in older versions can still be loaded in the new office 2.3 Documents stored in older version (with the old algorithm) and loaded in the new office works as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on opened in older office versions. >From my pov of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way. I would like to propose to integrate this change and test it how well it works. Any opinions? Well keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ... Juergen [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
