[libreoffice-users] Encryption algorithms in Libre Office?

2012-01-14 Thread Riccardo Bernardini
Dear all,
I apologize in advance if this is a FAQ, but I was not able to find an
answer either in the FAQ page or in the first 4-5 pages of the mail archives
(I searched for password and encryption).

I know that Libre Office allows you to save a password protected
document, but I would like to know some more details about it. For
example, is the document actually encrypted, or does Libre Office simply refuse
to open it without the right password? (I expect [and hope] the former).
If the former hypothesis is correct, which encryption algorithms are used?


Thank you for any help.

Riccardo

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted



RE: [libreoffice-users] Encryption algorithms in Libre Office?

2012-01-14 Thread Dennis E. Hamilton
Saving a document with password is indeed an encryption.  The encryption 
methods are specified in the ODF Specification for encrypting the parts of the 
Zip package.  (There is no ODF-specified encryption for the single-XML-file 
form of an ODF document.)  

The default method, that works for all ODF 1.0/1.1/1.2 documents in packages 
(e.g., ODT, ODP, and ODS files), is by Password Based Key Derivation (PBKDF2) 
using HMAC and SHA1 starting with an SHA1 digest of the UTF-8 user-chosen 
password.  The encryption with the derived key is Blowfish with 8-bit Cipher 
Feedback (8-bit CFB).  This is done on each file of the Zip package that 
carries the parts of the ODF document.  (Each part has a different, 
randomly-derived initialization vector, but the derived key is the same for all 
of them.)

Starting with ODF 1.2, additional encryption methods can be chosen.  However, 
there are interoperability issues if the document is intended to be opened with 
anything but the computer and software that was used to encrypt it (actually a 
common use case but not when secure interchange is intended).

The fundamental weakness of the current approach is the use of human-entered 
passwords (which tend to be memorable and easily attackable), some well-known 
problems with information leakage from Zip files and 
known-/predictable-plaintext attacks.  There is also a vulnerability if the 
password used is used anywhere else (e.g., for protecting fields in documents) 
such that its SHA1 digest becomes known or suspected.
 
 - Dennis  
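
The key derivation described in the message above, as an added example that is not part of the original post or of LibreOffice's code. The manifest fragment is constructed, its salt and IV are sample values, and the 16-byte key length is an assumption; the Blowfish CFB step is left out because the Python standard library has no Blowfish.

```python
import hashlib
import xml.etree.ElementTree as ET
from base64 import b64decode, b64encode

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"

def q(name):
    """Namespace-qualified name as ElementTree expects it."""
    return f"{{{NS}}}{name}"

# Constructed META-INF/manifest.xml fragment; salt and IV are sample values.
SALT = b64encode(bytes(range(16))).decode()
IV = b64encode(bytes(range(8))).decode()
SAMPLE_MANIFEST = f"""<manifest:manifest xmlns:manifest="{NS}">
 <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.oasis.opendocument.text"/>
 <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
  <manifest:encryption-data>
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="{IV}"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:salt="{SALT}" manifest:iteration-count="1024"/>
  </manifest:encryption-data>
 </manifest:file-entry>
</manifest:manifest>"""

def encrypted_parts(manifest_xml):
    """Return the encryption parameters of every encrypted package part."""
    parts = []
    for entry in ET.fromstring(manifest_xml).iter(q("file-entry")):
        enc = entry.find(q("encryption-data"))
        if enc is None:
            continue  # this part is stored unencrypted
        alg, kdf = enc.find(q("algorithm")), enc.find(q("key-derivation"))
        parts.append({
            "path": entry.get(q("full-path")),
            "cipher": alg.get(q("algorithm-name")),
            "iv": b64decode(alg.get(q("initialisation-vector"))),  # differs per part
            "kdf": kdf.get(q("key-derivation-name")),
            "salt": b64decode(kdf.get(q("salt"))),
            "iterations": int(kdf.get(q("iteration-count"))),
        })
    return parts

def start_key(password):
    """SHA1 digest of the UTF-8 password: the actual input to PBKDF2."""
    return hashlib.sha1(password.encode("utf-8")).digest()

def derive_key(start, salt, iterations, key_len=16):
    """PBKDF2 with HMAC-SHA1 over the digest (key_len=16 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha1", start, salt, iterations, dklen=key_len)
```

Since `derive_key` never sees the password itself, a SHA1 digest of the same password stored anywhere else is enough to reproduce the key, which is why a password used for a protection lock should not be reused for encryption.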



Re: [libreoffice-users] Encryption algorithms in Libre Office?

2012-01-14 Thread Jay Lozier

One problem in cryptography is the fact that all alphabetic languages 
and alphabetic transcriptions have definite letter frequency in plain 
text. For example in English the letter occurs 7% of the time. This was 
first discovered and used by William Friedman in the 1920's. Also, 
grammatical construction of a sentence could provide clues for the key. 
The word 'the' is very common and often before a noun or at the start of 
a sentence. The sentence structure will provide clues because every 
language has rules about proper word order, etc. This is an often 
overlooked problem with cryptography: if I know the original language I 
know the probable letter frequency and can look for grammatical patterns 
to break the key. This is in addition to any other problems such as weak 
password/keys, weaknesses in the encryption algorithm, etc.


--
Jay Lozier
jsloz...@gmail.com




RE: [libreoffice-users] Encryption algorithms in Libre Office?

2012-01-14 Thread Dennis E. Hamilton
The digests and the block ciphers used in ODF encryptions are not alphabetic 
transpositions.  They work at the binary bit level and are difficult to invert, 
although some digests may leak some modest information.  The encryption of 
textual content is on its compressed binary form, and that by its nature adds 
some entropy: it is the compressed file that is encrypted.  Consequently, the 
easiest language-based attack is on the password since so many are memorable 
and may even be pronounceable.  

Brute-force attacks on passwords with known digests just get better all of the 
time and that is an indirect hazard if the same password is used for protection 
of some files and for encryption of others.  (All passwords used in setting 
protection locks should be assumed to be compromised and not used for anything 
else.)

There is structure in the uncompressed ODF plaintexts (e.g., many of the parts 
in the Zip are XML files with known schemas as well as text content).  That 
structure and other clues can help discern whether a password attack has 
succeeded, though.  There are also a few known plain-texts and predictable 
plain-text portions that are commonly found compressed the same way in almost 
all current ODF packages.  That provides easier confirmation of a success and 
possible clues to the presence of attack-worthy material as well.

 - Dennis
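
The point above about compression, measured in an added example that is not part of the original post: byte statistics of an ODF-like XML part before and after deflate, which is the form that actually reaches the cipher. The sample XML is constructed, and `zlib.compress` stands in for the Zip deflate step.

```python
import math
import random
import zlib
from collections import Counter

def byte_entropy(data):
    """Shannon entropy of the byte distribution, in bits per byte (maximum 8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def top_byte_share(data):
    """Fraction of the input taken up by its single most frequent byte value."""
    return Counter(data).most_common(1)[0][1] / len(data)

def sample_content_xml(words=4000, seed=0):
    """Constructed stand-in for content.xml: English-like text in <text:p> elements."""
    vocab = ("the of and to in is that it was for on are as with his they at be "
             "this from report budget meeting password document encryption").split()
    rng = random.Random(seed)
    paras = []
    for _ in range(words // 20):
        line = " ".join(rng.choice(vocab) for _ in range(20))
        paras.append("<text:p>" + line + "</text:p>")
    return ("<office:text>" + "".join(paras) + "</office:text>").encode("utf-8")

def compare():
    """Return (entropy, top byte share) for the plain and the deflated part."""
    plain = sample_content_xml()
    packed = zlib.compress(plain, 9)  # parts are deflated first, then encrypted
    return {
        "plain": (byte_entropy(plain), top_byte_share(plain)),
        "deflated": (byte_entropy(packed), top_byte_share(packed)),
    }

if __name__ == "__main__":
    for name, (entropy, share) in compare().items():
        print(f"{name:9s} entropy={entropy:.2f} bits/byte  top byte={share:.1%}")
```

The plain XML shows the skewed letter distribution a frequency analysis relies on; the deflated bytes are close to uniform before any encryption is applied.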



Re: [libreoffice-users] Encryption algorithms in Libre Office?

2012-01-14 Thread Jay Lozier

If the information is valuable enough for others to want to know then it 
sounds like file encryption is possibly a very big speed bump to knowing 
the contents. There are numerous inherent weaknesses that someone who 
understands cryptography and the mathematics behind it can exploit to 
their advantage. A weakness is that passwords have a finite, if 
initially unknown, length. The only issue then is whether the encryption method 
is strong enough to keep the data protected until it has little value.


The issue is to keep the file secure from unauthorized eyes, because 
once the file gets into the wild one must assume that someone will 
decrypt it. And once decrypted it will be posted somewhere, possibly in 
public.



--
Jay Lozier
jsloz...@gmail.com

