ns/odf/1.2/security#
Package Security Enhancements

 

tools for document interoperability
nfoWorks > ns> odf> 1.2> security> Package Security Enhancements
  1. Overview
      

1. Overview

There are security weaknesses in the <manifest:encryption-data> provisions for encryption of ODF packages.  The nfoware-defined enhancements reduce the attack surface.  They are not particularly strong countermeasures: they do little to impede readily-available "password-recovery" software that succeeds by attacking the password directly.

1.1 In the password-based encryption of ODF 1.0/1.1/1.2 documents there are two hazards involving message-digest algorithms:

1.1.1 The <manifest:encryption-data> manifest:checksum attribute value is a digital hash of (the beginning of) the unencrypted file.  This discloses information about the unencrypted file and makes it easy to detect encryptions of files for which the plaintext may already be known.

1.1.2 User-entered passwords are transformed into a start key using a message digest algorithm.  The algorithm is typically SHA1 (default) or SHA256.  This start key is then used in the encryption of each file in the package.  Although the password itself is usually the weakest point in the encryption, the start key is also subject to attack, such as attempting known hash values.

1.2 In ODF 1.2 the <manifest:encryption-data> manifest:checksum-type attribute identifies the procedure by which the manifest:checksum value (1.1.1) is derived.  Six algorithms are allowed: SHA1, SHA1-1k (on first 1k bytes only), SHA256, SHA256-1k (recommended), SHA512, and RIPEMD-160.  ODF 1.2 consumers are required to support SHA1-1k and SHA256-1k.

1.3 In ODF 1.2 the <manifest:start-key-generation> manifest:start-key-generation-name attribute identifies the procedure by which the start key for a given package file encryption is derived (1.1.2).  Four algorithms are allowed: SHA1, SHA256 (recommended), SHA512, and RIPEMD-160.  ODF 1.2 consumers are required to support SHA1 (default) and SHA256.

{EdNote: Definition of local names and identifiers for the extended procedures will be provided as provisional use becomes appropriate.

[RFC2104]
{EdNote: References to W3C and IETF specification, references to the relevant ODF TC issues and documents, possibly OIC material as well.  Note that permalinks could be into a common bibliographic index, and that is where revisions would be linked, etc.}
Construction Structure (Hard Hat Area)
Creative Commons License You are navigating nfoWorks.
This work is licensed under a
Creative Commons Attribution 2.5 License.

0.03 2017-06-14 20:24 -0700