On 5/6/14 12:49 AM, Kay Schenk wrote:
> On Wed, Apr 30, 2014 at 1:53 AM, Jürgen Schmidt <jogischm...@gmail.com> wrote:
>
>> Hi,
>>
>> for AOO 3.4 we had already discussed and later on reverted a change to
>> enable the ODF Document encryption AES-256 by default.
>>
>> Some time ago I played with a new option field to allow the user to
>> enable this option as new default, see [1]
>>
>> By default the office still uses the old blowfish algorithm but with
>> this new option the user can enable the ODF 1.2 encryption. Well it is a
>> minimal change to improve the current situation and allow the user to
>> make use of what we already have.
>>
>> What does it mean in detail when we integrate this change?
>>
>> 1. No change as long as this option is not enabled
>> 2. Option enabled and ODF 1.2 encryption is now default
>>
>
> Would you happen to have a link to this in the ODF 1.2 spec? I can't seem
> to find this...sorry.

Not directly, but you can review
http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2-part3.pdf

Section 4.5 describes the attribute <manifest:algorithm> and there you
find a reference to 4.8.1 <manifest:algorithm-name> where the first
bullet point listed

"An IRI listed in §5.2 of [xmlenc-core]: The algorithm and mode
specified in §5.2 of [xmlenc-core] for this IRI."

[xmlenc-core] is defined on page 9 and links to
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ and under 5.2 you
find Block Encryption Algorithms

I think all these algorithms are supported theoretically, but practically
I know that OpenOffice supports Blowfish and AES-256. Maybe others can
provide more details here. I am really no expert in this area ;-)

Juergen

>
>
>
>> 2.1 New documents stored with password can't be loaded on older office
>> versions
>> 2.2 New or existing documents stored in older versions can still be
>> loaded in the new office
>> 2.3 Documents stored in older version (with the old algorithm) and
>> loaded in the new office work as expected. Changes made in the document
>> and stored with the new office still use the old algorithm and the
>> document can later on be opened in older office versions.
>>
>> From my point of view there is still room for improvements but it is a
>> first useful step to move forward to a more secure algorithm and give
>> the user the opportunity to tweak the settings in the preferred way.
>>
>> I would like to propose to integrate this change and test how well it
>> works.
>>
>> Any opinions? Well keep in mind it is a minimal enhancement to make use
>> of what we already have. There is still room for improvements ...
>>
>>
>> Juergen
>>
>>
>> [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>> For additional commands, e-mail: dev-h...@openoffice.apache.org
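
As an added example (not part of the thread and not OpenOffice code), the following Python reads a document's `META-INF/manifest.xml` and reports the `manifest:algorithm-name` recorded for each encrypted entry, which shows whether a file was stored with Blowfish or with the ODF 1.2 AES-256 setting discussed above. The function names and the trimmed sample manifests are constructed for illustration; the `Blowfish CFB` name string and the AES-256 IRI literal are not quoted in the thread and are assumptions taken from the ODF and xmlenc-core specifications.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
AES256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"  # xmlenc-core 5.2 IRI
BLOWFISH = "Blowfish CFB"  # assumed legacy name string, not given in the thread


def q(name):
    """Qualify a local name with the manifest namespace for ElementTree."""
    return "{%s}%s" % (NS, name)


def encrypted_entries(manifest_xml):
    """Map each encrypted file-entry path to its manifest:algorithm-name."""
    found = {}
    for entry in ET.fromstring(manifest_xml).iter(q("file-entry")):
        algo = entry.find("%s/%s" % (q("encryption-data"), q("algorithm")))
        if algo is not None:  # entries without encryption-data are plaintext
            found[entry.get(q("full-path"))] = algo.get(q("algorithm-name"))
    return found


def classify(manifest_xml):
    """Return 'unencrypted', 'legacy-blowfish', 'aes-256' or 'mixed/other'."""
    names = set(encrypted_entries(manifest_xml).values())
    if not names:
        return "unencrypted"
    if names == {BLOWFISH}:
        return "legacy-blowfish"
    if names == {AES256}:
        return "aes-256"
    return "mixed/other"  # includes a missing or unrecognised algorithm-name


def sample_manifest(algorithm_name):
    """Constructed, trimmed manifest: real ones also carry IV, checksum, KDF."""
    enc = ""
    if algorithm_name:
        enc = ('<manifest:encryption-data><manifest:algorithm '
               'manifest:algorithm-name="%s"/></manifest:encryption-data>'
               % algorithm_name)
    return ('<manifest:manifest xmlns:manifest="%s">'
            '<manifest:file-entry manifest:full-path="/"/>'
            '<manifest:file-entry manifest:full-path="content.xml">%s'
            '</manifest:file-entry></manifest:manifest>' % (NS, enc))


if __name__ == "__main__":
    for name in (None, BLOWFISH, AES256):
        print(name, "->", classify(sample_manifest(name)))
```

For a real document, the manifest bytes can be obtained with `zipfile.ZipFile(path).read("META-INF/manifest.xml")` and passed to `classify`.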