Hi,
At
"http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752859_826425813";
I read:
The defined values for the manifest:key-derivation-name attribute are:
•PBKDF2: The PBKDF2 key derivation method with HMAC-SHA-1 for the
Pseudo-Random Function(PRF). See [RFC2898] sections 5.2 and B.1.1.
HMAC-SHA-1 for the Pseudo-Random Function(PRF)? HMAC-SHA-1 is a
deterministic function. That means I enter a value and get a value out.
And no matter how many times I call the function with the input value, I
always get the same output value. So, with HMAC-SHA-1 is no randomnes
possible. So PRFs exists when PRNG (Pseudo Random Number Generator)s
exists.
I looked at the referenced RFC 2898: "PKCS #5: Password-Based
Cryptography Specification Version 2.0"
(https://www.ietf.org/rfc/rfc2898.txt) how this will be made. In RFC
2898 at the end of page 6 and start of page 7 is written the following:
If a random number generator or pseudorandom generator is not
available, a deterministic alternative for generating the salt (or the
random part of it) is to apply a password-based key derivation function
to the password and the message M to be processed. For instance, the
salt could be computed with a key derivation function as S = KDF (P,
M). This approach is not recommended if the message M is known to
belong to a small message space (e.g., "Yes" or "No"), however, since
then there will only be a small number of possible salts.
My question: Which method is implemented in LibreOffice? Does
LibreOffice use a PRNG or the method specified in the ODF standard with
the HMAC-SHA-1() function over the plaintext and (password)/(hash of the
password))? The second one is a little bit insecure.
Thanks four help.
Greetings
Steve
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
