Here's something more about passwords (not digital signatures) if you are going to take
password-based actions with ODF documents:
<https://tools.oasis-open.org/version-control/svn/oic/Advisories/00009-ProtectionKeySafety/trunk/description.html>
This message is not about the provision for digital signatures, since that is not password based.
However, the encryption is password based and the encryption is not very strong (and that has
nothing to do with whether AES or Blowfish are used).
Here's more about ways to either not be exposed to password discovery (AUTHZ160) or to use a
password based scheme that is harder to use in determining a password (SHA1DK):
<https://tools.oasis-open.org/issues/browse/OFFICE-3703>.
In case y'all somehow missed it, there has recently been massive successful attacking on passwords
for web services. The key problem is that the password itself tends to be vulnerable to discovery
by using stolen or disclosed hashes for them. While use of salts helps against opportunistic
attacks, it will not deter a determined attacker who can crowd-source an attack using readily
available personal computers. In fact, the situation is so bad that the provider of a web service
with millions of user accounts can't tell the difference between a prank and an actual hack:
<http://orcmid.wordpress.com/2012/06/07/password-security-1-social-engineering-an-sha1-hack/>.
- Dennis
-----Original Message-----
From: Tom Davies [mailto:tomdavies04@yahoo.co.uk]
Sent: Thursday, June 21, 2012 11:20
To: users@global.libreoffice.org
Subject: Re: [libreoffice-users] Signing Documents with a personal Certificate
Hi :)
Leet speak is a fav. Some sites said it was weak, others said it was fairly tough. The length of
a poem would radically increase the strength! Even a little verse would be great.
Regards from
Tom :)
--- On Thu, 21/6/12, Marc Grober <marc@interak.com> wrote:
From: Marc Grober <marc@interak.com>
Subject: Re: [libreoffice-users] Signing Documents with a personal Certificate
To: users@global.libreoffice.org
Date: Thursday, 21 June, 2012, 16:02
Use a phrase from a poem that you like and substitute - like 0s for os
On 6/20/12 11:50 PM, Steve Edmonds wrote:
1 lower case letter, 1 upper case letter, a number, white space and a
misc symbol, a second additional point for having it over 30 characters
and don't include any section of your name, or password or email address
or if it matches a word from the English dictionary.
Hows an over 50 supposed to remember a password like that!!
On 2012-06-21 17:47, Marc Grober wrote:
https://www.cacert.org/index.php?id=1
On 6/20/12 6:14 PM, James Knott wrote:
Marc Grober wrote:
get a cert from CACert.org
Hmmm...
I just tried going to that site and got this:
"This Connection is Untrusted
You have asked Firefox to connectsecurely to www.cacert.org, but we
can't
confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted
identification
to prove that you are going to the right place. However, this site's
identity can't be
verified.
What Should I Do?
If you usually connect to this site without problems, this error could
mean that
someone is trying to impersonate the site, and you shouldn't continue."
Not good for a certificate site.
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.