• Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • ODF 1.2 CD 06
    • Affects Version/s: ODF 1.2 CD 05
    • Environment:

      This clarification applies to ODF 1.0/1.1/IS 26300 and ODF 1.2 drafts. The specific text is addressed to ODF 1.2 CD05 Part 3 and the section numbering there.


      Replace the text of 4.8.12 manifest:salt with

      """
      The manifest:salt attribute carries the value of a cryptographically-random binary value. The left-to-right sequence of octets that contain the bits of the value are represented in the attribute value using base64binary encoding. There is no maximum length to the salt.

      Note: The salt is introduced into key derivation procedures in order to discourage the discovery of the start key or the derived key developed by the key-derivation procedure. The use of cryptographically random salts reduces the possibility of separate uses of the same start key leading to the same derived key. A minimum 64-bit (8-octet) salt is recommended in [RFC2898]. The 128-bit (16-octet) default salt length (section 3.4.2) is simple to use with PBKDF2 when HMAC-SHA-1 is the pseudorandom function, PRF. Internal characteristics of the key-derivation function can make increases in the length of the cryptographically-generated salt counter-productive at some point (e.g., over 160 bits with SHA1). OpenDocument Package Producers can ensure that each salt used in a package is unique by additional incorporation of a sequence number that is started at a random value (e.g., using a 32-bit counter mod 2^32). See [RFC2898] for further considerations.
      """


      Replace the text of 4.8.12 manifest:salt with

      """
      The manifest:salt attribute carries the value of a cryptographically-random binary value designed to mitigate certain cryptographic attacks on the password. There is no maximum length to the salt. See [RFC2898] for further considerations in the use of salts with key-derivation and other cryptographic functions. The salt is encoded in the attribute value as base64binary.
      """


      The 4.8.12 manifest:salt attribute specification provides no guidance on the generation of salt values by package producers.
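One way a package producer could generate salts along the lines of the note in the first proposed text, as an added example that is not part of this issue or of any ODF implementation. The `SaltSource` helper, the layout (16 random octets followed by a 4-octet counter), the iteration count, the key length and the sample password are all assumptions made for illustration.

```python
import base64
import hashlib
import secrets
import struct

RANDOM_LEN = 16  # octets: the 128-bit default salt length named in the note


class SaltSource:
    """Hypothetical per-package salt generator (not an ODF-defined API)."""

    def __init__(self):
        # Sequence number started at a random value, kept as a 32-bit counter.
        self._counter = secrets.randbits(32)

    def next_salt(self) -> bytes:
        # Assumed layout: 16 CSPRNG octets + the counter as 4 big-endian octets.
        salt = secrets.token_bytes(RANDOM_LEN) + struct.pack(">I", self._counter)
        self._counter = (self._counter + 1) % 2**32
        return salt


def encode_salt(salt: bytes) -> str:
    """Producer: manifest:salt attribute value (base64binary)."""
    return base64.b64encode(salt).decode("ascii")


def decode_salt(attr_value: str) -> bytes:
    """Consumer: recover the octets, rejecting non-base64 characters."""
    return base64.b64decode(attr_value, validate=True)


def derive_key(start_key: bytes, salt: bytes, iterations=1024, key_len=16):
    # PBKDF2 with HMAC-SHA-1 as the PRF; iterations and key_len are assumed.
    return hashlib.pbkdf2_hmac("sha1", start_key, salt, iterations, key_len)


def demo(n_entries=3):
    # Constructed input: one start key reused for every encrypted entry.
    start_key = hashlib.sha1(b"constructed example password").digest()
    source = SaltSource()
    salts = [source.next_salt() for _ in range(n_entries)]
    attrs = [encode_salt(s) for s in salts]
    keys = [derive_key(start_key, decode_salt(a)) for a in attrs]
    return salts, attrs, keys


if __name__ == "__main__":
    for attr, key in zip(*demo()[1:]):
        print(f'manifest:salt="{attr}"  derived key {key.hex()}')
```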

            Assignee:
            Dennis Hamilton (Inactive)
            Reporter:
            Dennis Hamilton (Inactive)