Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
AOO will only add two features, a new color picker and improved SVG import, none of which is important for me. So, for the foreseable future, I will keep using LibreOffice.
But I love to see OpenOffice back on their feet. Specially tacking into account that the new license permits improvements made to AOO to be ported to LO, AFAIK.
I won't give up LibreOffice
Posted Mar 15, 2012 12:43 UTC (Thu) by eru (subscriber, #2753)
Changes in Encryption for Password-Protected Documents
Posted Mar 15, 2012 19:44 UTC (Thu) by orcmid (guest, #74478)
The peculiarity is taht ODF 1.2 recommends a different encryption than Blowfish while at the same time Blowfish (and its particular parameters) are available as defaults when no algorithm is specified. The change in recommendation is basically because algorithms like AES have formal support from NIST and elsewhere, and Blowfish does not. Blowfish is also a bit dated (as AES is becoming).
Unfortunately, users are apparently not given a way to choose the encryption.
Presumably it is possible to use the Save As ODF 1.1 selection in the Tools | Options in order to use the original default encryption methodology. I must try that with the latest LO release candidates.
PS: The flaw, among others, in the current encryptions is in the improper use of PBKDF2 that allows an attack by direct injection of password digests obtained from elsewhere without attacking the password. This sideways vulnerability applies to all of the encryption methods at the present time. And of course password-based schemes are more vulnerable than the encryption and are easier to attack, making it irrelevant how good the encryption algorithm itself is.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds