Kohei Yoshida <kyoshida@novell.com> wrote on 07/07/2008 03:03:46 PM:

> Hi there,
>
> I've already asked privately to Michael and Rob, and I think it's
> appropriate to ask this list.
>
> I'm working on supporting the password hash algorithm that Excel uses to
> hash worksheet and document passwords in OOo. Luckily this doesn't
> require any modification to the ODF schema since ODF already allows
> alternative digest algorithm as described in Section 18.972
> table:protected (as of v1.2 draft7-3). But I'd like to correctly
> associate and document this Excel-style algorithm in the ODF spec.
>
> The algorithm itself is documented in Section 3.3.1.81 of ECMA TC-45
> OOXML specification. The code contained therein, however, is not
> entirely correct, so I posted the correct algorithm in my blog page[1]
> for now. I assume the final version of the OOXML spec will contain the
> correct algorithm, but so far, the latest (public) version of the spec
> that I have access to still contains the old, incorrect version.
>
> The question I'd like to ask the list members is this: what identifier
> should we use as the value of the table:protection-key-digest-algorithm
> attribute to refer to the new algorithm? The current definition for
> this attribute:
>
> <attribute name="table:protection-key-digest-algorithm"
> a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
> <ref name="anyURI"/>
> </attribute>
>
> suggests that the name must be a URI. But I'm not sure what URI to use
> for this new algorithm.
>
> Any ideas, anyone?
>

How does OOXML, in their revised text, refer to the legacy algorithm? I
thought they also supported modern algorithms now like SHA256. So they
must have some way of indicating or referring to the legacy algorithm.
It might not be a URI, but they must describe it somehow, right? If all
else fails, call it something like "ISO/IEC 29500 Legacy Hash".

Ideally we would refer to either ISO/IEC 29500, section 3.3.1.81 or
Ecma-376 (second edition) whenever either one of those documents appears
in a publicly viewable form. I don't think we want to duplicate their
algorithm definition if we can avoid doing so. Better to reference what
they already have, when it is corrected.

-Rob