The digests and the block ciphers used in ODF encryptions are not alphabetic transpositions. They
work at the binary bit level and are difficult to invert, although some digests may leak some
modest information. The encryption of textual content is on its compressed binary form, and that
by its nature adds some entropy: it is the compressed file that is encrypted. Consequently, the
easiest language-based attack is on the password since so many are memorable and may even be
Brute-force attacks on passwords with known digests just get better all of the time and that is an
indirect hazard if the same password is used for protection of some files and for encryption of
others. (All passwords used in setting protection locks should be assumed to be compromised and
not used for anything else.)
There is structure in the uncompressed ODF plaintexts (e.g., many of the parts in the Zip are XML
files with known schemas as well as text content). That structure and other clues can help discern
whether a password attack has succeeded, though. There are also a few known plain-texts and
predictable plain-text portions that are commonly found compressed the same way in almost all
current ODF packages. That provides easier confirmation of a success and possible clues to the
presence of attack-worthy material as well.
From: Jay Lozier [mailto:email@example.com]
Sent: Saturday, January 14, 2012 14:28
Subject: Re: [libreoffice-users] Encryption algorithms in Libre Office?
On 01/14/2012 04:28 PM, Dennis E. Hamilton wrote:
[ ... ]
The fundamental weakness of the current approach is the use of human-entered passwords (which tend
to be memorable and easily attackable), some well-known problems with information leakage from Zip
files and known-/predictable-plaintext attacks. There is also a vulnerability if the password used
is used anywhere else (e.g., for protecting fields in documents) such that its SHA1 digest becomes
known or suspected.
One problem in cryptography is that fact that all alphabetic languages
and alphabetic transcriptions have definite letter frequency in plain
text. For example in English the letter occurs 7% of the time. This was
first discovered and used by William Friedman in the 1920's. Also,
grammatical construction of a sentence could provide clues for the key.
The word 'the' is very common and often before a noun or at the start of
sentence. The sentence structure will provide clues because every
language has rules about proper word order, etc. This is an often
overlooked problem with cryptography, if I know the original language I
know the probable letter frequency and can look for grammatical patterns
to break the key. This is in addition to any other problems such as weak
password/keys, weaknesses in the encryption algorithm, etc.
From: Riccardo Bernardini [mailto:firstname.lastname@example.org]
Sent: Saturday, January 14, 2012 01:18
Subject: [libreoffice-users] Encryption algorithms in Libre Office?
I apologize in advance if this is a FAQ, but I was not able to find an
answer both in the FAQ page and in the first 4-5 pages of the mail archives
(I searched for "password" and "encryption").
I know that Libre Office allows you to save a "password protected
document," but I would like to know some more details about it. For
example, is the document actually encrypted or simply Libre Office refuses
to open it without the right password? (I expect [and hope] the former).
If the former hypothesis is correct, which encryption algorithms are used?
Thank you for any help.
Impressum (Legal Info)
: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (MPLv2
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our trademark policy