-
Type: Bug
-
Status: Applied
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: ODF 1.2 CD 05
-
Fix Version/s: ODF 1.2 CD 06
-
Component/s: Packaging, Part 2 (Packages) [1.2: 3], Security
-
Labels: None
-
Environment:
This issue applies in all versions and drafts starting with the OASIS ODF 1.0 Standard. The specific location, wording and proposed changes are against ODF 1.2 CD05 Part 3.
-
Proposal:
-
Resolution:
1. In section 4.8.9 the first sentence is
"The manifest:key-derivation-name attribute specifies the name of the algorithm used to derive a name."
It should not end with "... algorithm used to derive a name."
It should say, "... password-based key-derivation algorithm used to derive a cryptographic key for use in encryption and decryption of the file."
2. In the first bullet of the list following the second sentence, a defined value for the attribute is given as
"PBKDF2: The PBKDF2 key derivation method. See [RFC2898]."
This is incomplete. PBKDF2 is a general procedure that depends on the use of a Pseudo-Random Function (PRF) for its operation. The choice of PRF must also be known in order for an encrypted file to be decrypted correctly.
One way to repair this is to add HMAC-SHA-1 to the definition as the understood PRF, using the procedure in the example in [RFC2898].
Finally, the size of the salt is relevant to the cryptographic strength of the key derivation. 64 bits is useful for implementation reasons, when HMAC-SHA-1 is the PRF. Longer values are usable but more than 120 bits probably adds no further strength to the key derivation, no matter what key size is produced from the PBKDF2 derivation.
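To illustrate the gap described in item 2, the following is an added example (not code from the ODF specification or any ODF implementation) that derives the key as an ODF writer would with PBKDF2 and HMAC-SHA-1, and shows that a reader assuming a different PRF cannot reproduce it; the 64-bit default salt length follows the note above.

```python
import hashlib
import hmac
import os

# Added example, not from the ODF specification or any ODF implementation.
# A package whose manifest says manifest:key-derivation-name="PBKDF2" derives
# the content-encryption key from the password with PBKDF2 (RFC 2898). PBKDF2
# is parameterised by a PRF; RFC 2898's example uses HMAC-SHA-1, which is the
# PRF the proposal asks the spec to name explicitly.


def derive_key(password: bytes, salt: bytes, iterations: int,
               key_size: int, prf: str = "sha1") -> bytes:
    """PBKDF2 with HMAC-<prf> as the PRF; HMAC-SHA-1 is the assumed default."""
    return hashlib.pbkdf2_hmac(prf, password, salt, iterations, key_size)


def new_salt(bits: int = 64) -> bytes:
    """Random salt; 64 bits is the size the proposal calls useful with HMAC-SHA-1."""
    if bits < 64 or bits % 8:
        raise ValueError("salt should be a whole number of bytes, at least 64 bits")
    return os.urandom(bits // 8)


def reader_can_decrypt(password: bytes, salt: bytes, iterations: int,
                       key_size: int, writer_prf: str, reader_prf: str) -> bool:
    """Whether a reader assuming reader_prf reproduces the writer's key.

    Password, salt, iteration count and key size are all shared; only the PRF
    is left implicit, which is exactly the omission the issue describes. A
    reader that guesses a different PRF derives a different key, and the
    encrypted stream cannot be decrypted even though every manifest value
    matched.
    """
    writer_key = derive_key(password, salt, iterations, key_size, writer_prf)
    reader_key = derive_key(password, salt, iterations, key_size, reader_prf)
    return hmac.compare_digest(writer_key, reader_key)


if __name__ == "__main__":
    salt = new_salt()                       # 64-bit salt, as recommended above
    print("same PRF:     ", reader_can_decrypt(b"secret", salt, 1024, 16, "sha1", "sha1"))
    print("different PRF:", reader_can_decrypt(b"secret", salt, 1024, 16, "sha1", "sha256"))
```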