    Details

    • Type: Bug
    • Status: Applied
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2 CD 05
    • Fix Version/s: ODF 1.2 CD 06
    • Labels:
      None
    • Environment:

      This clarification applies to ODF 1.0/1.1/IS 26300 and ODF 1.2 drafts. The specific text is addressed to ODF 1.2 CD05 Part 3 and the section numbering there.

    • Proposal:
      Replace the text of 4.8.12 manifest:salt with

      """
      The manifest:salt attribute carries the value of a cryptographically-random binary value. The left-to-right sequence of octets that contain the bits of the value are represented in the attribute value using base64binary encoding. There is no maximum length to the salt.

      Note: The salt is introduced into key derivation procedures in order to discourage the discovery of the start key or the derived key developed by the key-derivation procedure. The use of cryptographically random salts reduces the possibility of separate uses of the same start key leading to the same derived key. A minimum 64-bit (8-octet) salt is recommended in [RFC2898]. The 128-bit (16-octet) default salt length (section 3.4.2) is simple to use with PBKDF2 when HMAC-SHA-1 is the pseudorandom function, PRF. Internal characteristics of the key-derivation function can make increases in the length of the cryptographically-generated salt counter-productive at some point (e.g., over 160 bits with SHA1). OpenDocument Package Producers can ensure that each salt used in a package is unique by additional incorporation of a sequence number that is started at a random value (e.g., using a 32-bit counter mod 2^32). See [RFC2898] for further considerations.
      """

    • Resolution:
      Replace the text of 4.8.12 manifest:salt with

      """
      The manifest:salt attribute carries the value of a cryptographically-random binary value designed to mitigate certain cryptographic attacks on the password. There is no maximum length to the salt. See [RFC2898] for further considerations in the use of salts with key-derivation and other cryptographic functions. The salt is encoded in the attribute value as base64binary.
      """


      Description

      The 4.8.12 manifest:salt attribute specification provides no guidance on the generation of salt values by package producers.
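
      The salt handling described in the Proposal's note, as an added example that is not part of the original issue or of the ODF specification: a Python sketch of a package producer generating 128-bit salts whose last 4 octets are a sequence number started at a random value, encoding them as base64binary, and feeding them to PBKDF2 with HMAC-SHA-1. The names `PackageSaltSource`, `encode_salt`, `decode_salt` and `derive_key` are hypothetical, and the iteration count and key length are left to the caller.

```python
import base64
import hashlib
import secrets

SALT_OCTETS = 16     # 128-bit default salt length named in the proposal
COUNTER_OCTETS = 4   # 32-bit sequence number, incremented mod 2^32
MIN_SALT_OCTETS = 8  # 64-bit minimum the proposal cites from RFC 2898


class PackageSaltSource:
    """Hypothetical helper: yields salts that are unique within one package."""

    def __init__(self):
        # The sequence number starts at a random value, not at zero.
        self._counter = secrets.randbits(32)

    def next_salt(self) -> bytes:
        # Random octets from the OS CSPRNG, followed by the sequence number.
        random_part = secrets.token_bytes(SALT_OCTETS - COUNTER_OCTETS)
        counter_part = self._counter.to_bytes(COUNTER_OCTETS, "big")
        self._counter = (self._counter + 1) % 2**32
        return random_part + counter_part


def encode_salt(salt: bytes) -> str:
    """Return the base64binary text for a manifest:salt attribute value."""
    return base64.b64encode(salt).decode("ascii")


def decode_salt(attr_value: str) -> bytes:
    """Parse a manifest:salt value, rejecting malformed or too-short salts."""
    compact = "".join(attr_value.split())  # base64binary tolerates whitespace
    salt = base64.b64decode(compact, validate=True)
    if len(salt) < MIN_SALT_OCTETS:
        raise ValueError("salt shorter than 8 octets")
    return salt  # no upper bound: the attribute has no maximum length


def derive_key(start_key: bytes, attr_value: str,
               iterations: int, key_len: int) -> bytes:
    """PBKDF2 with HMAC-SHA-1 as the PRF, salted from the attribute value."""
    salt = decode_salt(attr_value)
    return hashlib.pbkdf2_hmac("sha1", start_key, salt, iterations, key_len)
```

      Because every salt in a package differs, two entries encrypted under the same start key get different derived keys.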

            People

            • Assignee:
              orcmid Dennis Hamilton (Inactive)
              Reporter:
              orcmid Dennis Hamilton (Inactive)