| |||||||||||||
Changes in Encryption for Password-Protected DocumentsChanges in Encryption for Password-Protected DocumentsPosted Mar 15, 2012 19:44 UTC (Thu) by orcmid (guest, #74478)In reply to: I won't give up LibreOffice by eru Parent article: A look in on Apache OpenOffice
The allowance for other encryption algorithms is a provision of ODF 1.2, now an approved OASIS Standard.
The peculiarity is taht ODF 1.2 recommends a different encryption than Blowfish while at the same time Blowfish (and its particular parameters) are available as defaults when no algorithm is specified. The change in recommendation is basically because algorithms like AES have formal support from NIST and elsewhere, and Blowfish does not. Blowfish is also a bit dated (as AES is becoming).
Unfortunately, users are apparently not given a way to choose the encryption.
Presumably it is possible to use the Save As ODF 1.1 selection in the Tools | Options in order to use the original default encryption methodology. I must try that with the latest LO release candidates.
PS: The flaw, among others, in the current encryptions is in the improper use of PBKDF2 that allows an attack by direct injection of password digests obtained from elsewhere without attacking the password. This sideways vulnerability applies to all of the encryption methods at the present time. And of course password-based schemes are more vulnerable than the encryption and are easier to attack, making it irrelevant how good the encryption algorithm itself is.
(Log in to post comments)
|
|||||||||||||