https://issues.apache.org/ooo/show_bug.cgi?id=119090
--- Comment #6 from Rob Weir <[email protected]> 2012-03-19 16:23:01 UTC --- I think this is a security versus interop trade-off. It is interesting to note that the author of the Blowfish algorithm actually recommends not to use it anymore: http://www.computerworld.com.au/article/46254/bruce_almighty_schneier_preaches_security_linux_faithful/?pp=3 He wrote TwoFish to replace Blowfish. Twofish was submitted in the competition to replace the older DES standard. AES was picked as the winner of that competition, not Twofish. So from a security standpoint, our default of AES is the best choice. But it does have the interop downside that Dennis has mentioned. But I think this can be handled by user education. If users want to share encrypted files with older editors, they can: 1) Save As ODF 1.0/1.1 or 2) Set a configuration entry to make Blowfish the default. -- Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
