On Fri, Mar 23, 2012 at 4:23 PM, Dennis E. Hamilton <[email protected]> wrote:
<snip> <snip> <snip> <snip> <snip>

> THE DEBATE: There is extensive technical discussion on the Bugzilla comments.
> Here is a summary of what all of that technicality is about:
>
> 1. Some presume that switching to AES256 increases the security of the
> document.
>
> 2. The counter-argument is that it does no good to improve the security in
> parts of the encryption that do not improve the security of the weakest-link
> in the encryption technique. It will simply give a false sense of security
> where there is no improvement. The weak link in ODF 1.0/1.1/1.2 encryption
> is the way that passwords are used. Not in the encryption technique that is
> used for the document.
>

Yes, security is only as strong as the weakest link. But that is an argument for improving all the links. It is not an argument for undoing improvements that have already been made to some of the links. We're not required to refurbish the battleship all in one day. We can work deck-by-deck.

The advantage of AES is that it is a known quantity, a standard, and is called out as a requirement for government procurement in several countries, including the US. We're not called on to individually become amateur cryptographers on this project. That would benefit absolutely no one. Instead we should follow existing industry standards and best practices, one of which is AES.

And if there are other parts of the encryption pipeline that can be improved, then let's do that as well.

-Rob
