TJ, I was doing some nosing around and, based on some information on the Community Forums (thank you Hagar), it looks like the settings are controlled in a file called registrymodifications.xcu, at least on Windows. The location will vary with different versions of windows.
On windows, you can find one under the installed-user profile, such as Documents & Settings\orcmid\Application Data [a hidden file], OpenOffice/3/user/registrymodification.xcu for any install since the AES256 has been instituted as default. the *.xcu is actually an XML file and you can find the settings by searching for "blowfish" and for "SHA1". How this works for Mac, Solaris, OS/2, and the various Linus and BSD builds, I have no idea. - Dennis -----Original Message----- From: TJ Frazier [mailto:[email protected]] Sent: Friday, March 23, 2012 11:26 To: [email protected] Subject: Re: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations [ ... ] ... options to consider: 3. User change to config file, to use the new option. I have suggested a writeup on this, but such instructions are much better aimed at the (few?) users who want the "latest and greatest" security option, and will do a little work to get it. (Does anybody know what that file name is? Given that, I volunteer to update the Release Notes.) 4. Macro to toggle the settings. This could be distributed in a BASIC library (new or existing); no extension necessary. User instructions to find and run the macro are simple. I may be able to write this; preliminary investigation is promising but not certain. I volunteer to try. There are several real experts on this list, whom I might ask for help. /tj/ > > > > [1] https://issues.apache.org/ooo/show_bug.cgi?id=119090 > > On 19.03.2012 14:48, Jürgen Schmidt wrote: >> On 3/19/12 2:16 PM, TJ Frazier wrote: >>> On 3/19/2012 08:48, Jürgen Schmidt wrote: >>>> Hi, >>>> >>>> I think issue 119090 is no show stopper from my point of view. The new >>>> default provides a better security than before when I understand it >>>> correct. And if people detect potential problems they can save the >>>> document again with other settings. >>>> >>>> I agree that this is important for interoperability but no show >>>> stopper. >>>> >>>> Any other opinion? >>>> >>>> Juergen >>>> >>>> >>> Hi, Jürgen, >>> >>> Like Dennis, I'm nervous about this. Perhaps we can handle it with a >>> mention in the Release Notes; something like, >>> >>> PLEASE NOTE: the default options for [technical details here] should >>> provide your best /individual/ security. However, if you intend to share >>> the document in secure fashion, the default mode cannot be read by >>> * previous versions of OpenOffice.org >>> * current versions of LibreOffice, at least through [version] >>> * Ms Office [version info] >>> For compatibility, use the options [details here]. >>> >> >> I agree that it make sense to mention it in the release notes. >> >> Any volunteer for updating the release notes? >> >> Juergen > >
