Yes, the Java library is defective in how it handles PBKDF2, making it impossible to match the PBKDF2 key generation that is specified for ODF. (PBKDF2 is defined to work with any binary initial key, but the Java implementation does not provide for that. The ODF use of PBKDF2 requires starting with a binary initial key.)
I did not know about Schuermann's analysis. However, this problem was also encountered by the ODF Toolkit project last year. They have worked around this by creating their own implementation of PBKDF2 that works properly with the UTF8 of an entered password. The ODF Toolkit project is just now accomplishing their first Apache ODF Toolkit podling release. I am told the next release is expected to support the ODF digital signature and encryption provisions. - Dennis -----Original Message----- From: Andreas Säger [mailto:ville...@t-online.de] Sent: Saturday, January 14, 2012 04:08 To: users@global.libreoffice.org Subject: [libreoffice-users] Re: Encryption algorithms in Libre Office? http://ringlord.com/dl/Decrypting%20ODF%20Files.pdf -- View this message in context: http://nabble.documentfoundation.org/Encryption-algorithms-in-Libre-Office-tp3658602p3658798.html Sent from the Users mailing list archive at Nabble.com. -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
