As you say there are no good options here. The paradigm of protecting sections with passwords in this way is broken.
But there is a fourth option you can add. The user interface, in this case through OpenOffice, alerts the user that the document contains a weakly hashed password and requests that a new one is entered upon saving.
There would still be a difficulty with batch and automatic conversion - such as the many headless OpenOffice solutions.
Your option 2 is not as pointless as you say. Bear in mind that the hash is not protecting the document in any way. Users might believe it is protecting the document but this is a falsehood. All it is protecting is the password. We need to have a password in order to preserve the functionality of the document as you point out. It is far better to have a pointless password than to perpetuate weak protection of a potentially valuable password.
The better solution would be to sign the protected section. You can then lock it in some way (using a silly password if you like). The standard already makes this possible but signing sections is not implemented in any applications that I am aware of.
Regards
Bob
----- Original Message -----
From: "robert weir" <robert_weir@us.ibm.com>
To: "Bob Jolliffe" <bobj@dst.gov.za>
Cc: "Kohei Yoshida" <kyoshida@novell.com>, "Michael Brauer - Sun Germany - ham02 - Hamburg" <Michael.Brauer@Sun.COM>, "office" <office@lists.oasis-open.org>
Sent: Tuesday, July 8, 2008 3:30:39 PM (GMT+0200) Africa/Harare
Subject: Re: [office] Proper identifier for Excel-style digest algorithm
Bob Jolliffe <bobj@dst.gov.za> wrote on 07/08/2008 04:13:16 AM:
> I agree. What we would need is a URI. But it would be better, if
> we do need to define a URI, that we do so in conjunction with ECMA
> ie. that they would then at some point use the same URI that we define.
>
> Though given my earlier post and the input from Doug, it does seem
> that this will be more of an application issue than an ODF issue.
> If the intention is NOT to write out those legacy hashed passwords
> in an ODF document, then having a URI to refer to the algorithm is
> surely not such a major concern for ODF.
>
If I recall, at the BRM they were trying to make the distinctions between translating a legacy document into OOXML (where the legacy hash may be written out in the OOXML document) versus creating a new OOXML document from scratch (where the legacy hash should not be used because it is known to be weak). There was not time at the BRM to hash out (forgive the pun) the right language for this.
I think we have a similar thing here. When converting a legacy MS Office document to ODF, if the legacy document has protected sections, you don't have many good choices:
1) Either remove the protection (changes the functionality of the document)
2) Or, set a new dummy password like "password" using a strong hash like SHA256 (pointless)
3) Or, preserve the existing legacy hash value (but this hash is weak)
No document encryption is involved. This is simply a password hash.
It seems that 3) is the least bad of these options.
We could add language to the standard that makes it clear that this algorithm is deprecated.
-Rob