Date: prev next · Thread: first prev next last
2019 Archives by date, by thread · List index


On 10.12.19 14:57, Steve Martin wrote:
Hi,

At "http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752859_826425813"; I read:

The defined values for the manifest:key-derivation-name attribute are:

  •PBKDF2: The PBKDF2 key derivation method with HMAC-SHA-1 for the Pseudo-Random Function(PRF). See [RFC2898] sections 5.2 and B.1.1.

HMAC-SHA-1 for the Pseudo-Random Function(PRF)? HMAC-SHA-1 is a deterministic function. That means I enter a value and get a value out. And no matter how many times I call the function with the input value, I always get the same output value. So, with HMAC-SHA-1 is no randomnes possible. So PRFs exists when PRNG (Pseudo Random Number Generator)s exists.

of course, but if you use an *actual* random function to derive the key from the salt and the password then you'll have trouble decrypting the resulting ciphertext...

I looked at the referenced RFC 2898: "PKCS #5: Password-Based Cryptography Specification Version 2.0" (https://www.ietf.org/rfc/rfc2898.txt) how this will be made. In RFC 2898 at the end of page 6 and start of page 7 is written the following:

If a random number generator or pseudorandom generator is not available,

LibreOffice requires one.

available, a deterministic alternative for generating the salt (or the random part of it) is to apply a password-based key derivation function to the password and the message M to be processed. For instance, the salt could be computed with a key derivation function as S = KDF (P, M). This approach is not recommended if the message M is known to belong to a small message space (e.g., "Yes" or "No"), however, since then there will only be a small number of possible salts.

My question: Which method is implemented in LibreOffice? Does LibreOffice use a PRNG or the method specified in the ODF standard with the HMAC-SHA-1() function over the plaintext and (password)/(hash of the password))? The second one is a little bit insecure.

both: the method specified in ODF applies the HMAC-SHA1 function to generate the key from the salt, not to generate the salt.

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.