Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index

On 01/14/2012 04:28 PM, Dennis E. Hamilton wrote:
Saving a document with password is indeed an encryption.  The encryption methods are specified in 
the ODF Specification for encrypting the parts of the Zip package.  (There is no ODF-specified 
encryption for the single- XML-file form of an ODF document.)

The default method, that works for all ODF 1.0/1.1/1.2 documents in packages (e.g., ODT, ODP, and 
ODS files), is by Password Based Key Derivation (PBKDF2) using HMAC and SHA1 starting with an SHA1 
digest of the UTF-8 user-chosen password.  The encryption with the derived key is Blowfish with 
8-bit Cipher Feedback (8-bit CFB).  This is done on each file of the Zip package that carries the 
parts of the ODF document.  (Each part has a different, randomly-derived initialization vector, but 
the derived key is the same for all of them.)

Starting with ODF 1.2, additional encryption methods can be chosen.  However, there are 
interoperability issues if the document is intended to be opened with anything but the computer and 
software that was used to encrypt it (actually a common use case but not when secure interchange is 

The fundamental weakness of the current approach is the use of human-entered passwords (which tend 
to be memorable and easily attackable), some well-known problems with information leakage from Zip 
files and known-/predictable-plaintext attacks.  There is also a vulnerability if the password used 
is used anywhere else (e.g., for protecting fields in documents) such that its SHA1 digest becomes 
known or suspected.
One problem in cryptography is that fact that all alphabetic languages and alphabetic transcriptions have definite letter frequency in plain text. For example in English the letter occurs 7% of the time. This was first discovered and used by William Friedman in the 1920's. Also, grammatical construction of a sentence could provide clues for the key. The word 'the' is very common and often before a noun or at the start of sentence. The sentence structure will provide clues because every language has rules about proper word order, etc. This is an often overlooked problem with cryptography, if I know the original language I know the probable letter frequency and can look for grammatical patterns to break the key. This is in addition to any other problems such as weak password/keys, weaknesses in the encryption algorithm, etc.

  - Dennis

-----Original Message-----
From: Riccardo Bernardini []
Sent: Saturday, January 14, 2012 01:18
Subject: [libreoffice-users] Encryption algorithms in Libre Office?

Dear all,
I apologize in advance if this is a FAQ, but I was not able to find an
answer both in the FAQ page and in the first 4-5 pages of the mail archives
(I searched for "password" and "encryption").

I know that Libre Office allows you to save a "password protected
document," but I would like to know some more details about it. For
example, is the document actually encrypted or simply Libre Office refuses
to open it without the right password? (I expect [and hope] the former).
  If the former hypothesis is correct, which encryption algorithms are used?

Thank you for any help.


Jay Lozier

For unsubscribe instructions e-mail to:
Posting guidelines + more:
List archive:
All messages sent to this list will be publicly archived and cannot be deleted


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.