OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  Proper identifier for Excel-style digest algorithm

    Posted 07-07-2008 19:04
    Hi there,
    
    I've already asked privately to Michael and Rob, and I think it's
    appropriate to ask this list.
    
    I'm working on supporting the password hash algorithm that Excel uses to
    hash worksheet and document passwords in OOo.  Luckily this doesn't
    require any modification to the ODF schema since ODF already allows
    alternative digest algorithm as described in Section 18.972
    table:protected (as of v1.2 draft7-3).  But I'd like to correctly
    associate and document this Excel-style algorithm in the ODF spec.
    
    The algorithm itself is documented in Section 3.3.1.81 of ECMA TC-45
    OOXML specification.  The code contained therein, however, is not
    entirely correct, so I posted the correct algorithm in my blog page[1]
    for now.  I assume the final version of the OOXML spec will contain the
    correct algorithm, but so far, the latest (public) version of the spec
    that I have access to still contains the old, incorrect version.
    
    The question I'd like to ask the list members is this: what identifier
    should we use as the value of the table:protection-key-digest-algorithm
    attribute to refer to the new algorithm?  The current definition for
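    this attribute:
    
    <attribute name="table:protection-key-digest-algorithm"
               a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
        <ref name="anyURI"/>
    </attribute>
    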
    suggests that the name must be a URI.  But I'm not sure what URI to use
    for this new algorithm.
    
    Any ideas, anyone?
    
    Kohei
    
    [1] http://kohei.us/2008/01/18/excel-sheet-protection-password-hash/
    
    -- 
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.
    


  • 2.  Re: [office] Proper identifier for Excel-style digest algorithm

    Posted 07-07-2008 19:09
    
    
    
    
    The W3C uses the same URI to indicate which algorithm is used in calculating the hash value.  This is key to making the system work.

    They use it as an attribute of the





    On 07/07/08 12:03 PM, "Kohei Yoshida" <kyoshida@novell.com> wrote:

    The question I'd like to ask the list members is this: what identifier
    should we use as the value of the table:protection-key-digest-algorithm
    attribute to refer to the new algorithm?  The current definition for
    this attribute:

    <attribute name="table:protection-key-digest-algorithm"
               a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
        <ref name="anyURI"/>
    </attribute>

    suggests that the name must be a URI.  But I'm not sure what URI to use
    for this new algorithm.

    Any ideas, anyone?

    Kohei

    [1] http://kohei.us/2008/01/18/excel-sheet-protection-password-hash/

    --
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.
    <kyoshida@novell.com>


    --
    **********************************************************************
    Senior Technical Evangelist - Adobe Systems, Inc.
    Duane's World TV Show - http://www.duanesworldtv.org/
    Blog - http://technoracle.blogspot.com
    Community Music - http://www.mix2r.com
    My Band - http://www.myspace.com/22ndcentury
    Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html
    **********************************************************************


  • 3.  Re: [office] Proper identifier for Excel-style digest algorithm

    Posted 07-07-2008 19:12
    
    
    
    
    Sorry – fired email by accident before completing thoughts.

    The W3C uses the same URI to indicate which algorithm is used in calculating the digest.  This is key to making the system work by enabling deciphering.

    They use it as an attribute of the

    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

    According to the XML Signature Syntax and Processing (Second Edition), June 2008, located at http://www.w3.org/TR/xmldsig-core/:

    “The identification (URI) and transforms describe how the digested content (i.e., the input to the digest method) was created.”

    I highly suspect authors must correctly identify the digest method/algorithm by using the appropriate URI.

    Duane





    On 07/07/08 12:03 PM, "Kohei Yoshida" <kyoshida@novell.com> wrote:

    The question I'd like to ask the list members is this: what identifier
    should we use as the value of the table:protection-key-digest-algorithm
    attribute to refer to the new algorithm?  The current definition for
    this attribute:

    <attribute name="table:protection-key-digest-algorithm"
               a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
        <ref name="anyURI"/>
    </attribute>

    suggests that the name must be a URI.  But I'm not sure what URI to use
    for this new algorithm.

    Any ideas, anyone?

    Kohei

    [1] http://kohei.us/2008/01/18/excel-sheet-protection-password-hash/

    --
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.
    <kyoshida@novell.com>


    --
    **********************************************************************
    Senior Technical Evangelist - Adobe Systems, Inc.
    Duane's World TV Show - http://www.duanesworldtv.org/
    Blog - http://technoracle.blogspot.com
    Community Music - http://www.mix2r.com
    My Band - http://www.myspace.com/22ndcentury
    Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html
    **********************************************************************
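
Added example, not part of any message in this thread: a consumer that dispatches on the table:protection-key-digest-algorithm URI discussed above, applies the schema default when the attribute is absent, and refuses a URI it does not know. The key encoding (base64 of the digest of the UTF-8 password), the sample fragment and the `urn:example:` URI are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

TABLE_NS = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"      # schema default quoted in the thread
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"   # W3C XML Encryption identifier
LEGACY_URI = "urn:example:excel-legacy-hash"             # hypothetical placeholder, not a registered URI

# Only algorithms this consumer implements; anything else is rejected.
DIGESTS = {SHA1_URI: hashlib.sha1, SHA256_URI: hashlib.sha256}

def protection_key(password, uri):
    # Assumption: key = base64(digest(UTF-8 password)); real producers may encode differently.
    digest = DIGESTS[uri](password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def check_password(table, password):
    """True/False for a known algorithm; ValueError for an unknown URI (fail closed)."""
    uri = table.get(f"{{{TABLE_NS}}}protection-key-digest-algorithm", SHA1_URI)
    if uri not in DIGESTS:
        raise ValueError(f"unsupported digest algorithm: {uri}")
    stored = table.get(f"{{{TABLE_NS}}}protection-key", "")
    computed = protection_key(password, uri)
    return hmac.compare_digest(computed.encode("utf-8"), stored.encode("utf-8"))

def sample_tables():
    # Constructed fragment: A relies on the default, B names SHA-256, C names an unknown URI.
    xml = f"""<root xmlns:table="{TABLE_NS}">
  <table:table table:name="A" table:protected="true"
      table:protection-key="{protection_key('secret', SHA1_URI)}"/>
  <table:table table:name="B" table:protected="true"
      table:protection-key="{protection_key('secret', SHA256_URI)}"
      table:protection-key-digest-algorithm="{SHA256_URI}"/>
  <table:table table:name="C" table:protected="true"
      table:protection-key="AAAA"
      table:protection-key-digest-algorithm="{LEGACY_URI}"/>
</root>"""
    return {t.get(f"{{{TABLE_NS}}}name"): t for t in ET.fromstring(xml)}

if __name__ == "__main__":
    for name, table in sample_tables().items():
        try:
            print(name, check_password(table, "secret"))
        except ValueError as err:
            print(name, "rejected:", err)
```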


  • 4.  Re: [office] Proper identifier for Excel-style digest algorithm

    Posted 07-07-2008 19:49

    Kohei Yoshida <kyoshida@novell.com> wrote on 07/07/2008 03:03:46 PM:

    > Hi there,
    >
    > I've already asked privately to Michael and Rob, and I think it's
    > appropriate to ask this list.
    >
    > I'm working on supporting the password hash algorithm that Excel uses to
    > hash worksheet and document passwords in OOo.  Luckily this doesn't
    > require any modification to the ODF schema since ODF already allows
    > alternative digest algorithm as described in Section 18.972
    > table:protected (as of v1.2 draft7-3).  But I'd like to correctly
    > associate and document this Excel-style algorithm in the ODF spec.
    >
    > The algorithm itself is documented in Section 3.3.1.81 of ECMA TC-45
    > OOXML specification.  The code contained therein, however, is not
    > entirely correct, so I posted the correct algorithm in my blog page[1]
    > for now.  I assume the final version of the OOXML spec will contain the
    > correct algorithm, but so far, the latest (public) version of the spec
    > that I have access to still contains the old, incorrect version.
    >
    > The question I'd like to ask the list members is this: what identifier
    > should we use as the value of the table:protection-key-digest-algorithm
    > attribute to refer to the new algorithm?  The current definition for
    > this attribute:
    >
    > <attribute name="table:protection-key-digest-algorithm"
    >            a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
    >     <ref name="anyURI"/>
    > </attribute>
    >
    > suggests that the name must be a URI.  But I'm not sure what URI to use
    > for this new algorithm.
    >
    > Any ideas, anyone?
    >

    How does OOXML, in their revised text, refer to the legacy algorithm?  I thought they also supported modern algorithms now like SHA256.  So they must have some way of indicating or referring to the legacy algorithm.  It might not be a URI, but they must describe it somehow, right?  If all else fails, call it something like "ISO/IEC 29500 Legacy Hash".

    Ideally we would refer to either ISO/IEC 29500, section 3.3.1.81 or  Ecma-376 (second edition) whenever either one of those documents appears in a publicly viewable form.  I don't think we want to duplicate their algorithm definition if we can avoid doing so.  Better to reference what they already have, when it is corrected.

    -Rob


  • 5.  Re: [office] Proper identifier for Excel-style digest algorithm

    Posted 07-07-2008 19:59
    
    
    
    
    I’ll research how PDF does this too.  

    D


    On 07/07/08 12:50 PM, "robert_weir@us.ibm.com" <robert_weir@us.ibm.com> wrote:


    Kohei Yoshida <kyoshida@novell.com> wrote on 07/07/2008 03:03:46 PM:

    > Hi there,
    >
    > I've already asked privately to Michael and Rob, and I think it's
    > appropriate to ask this list.
    >
    > I'm working on supporting the password hash algorithm that Excel uses to
    > hash worksheet and document passwords in OOo.  Luckily this doesn't
    > require any modification to the ODF schema since ODF already allows
    > alternative digest algorithm as described in Section 18.972
    > table:protected (as of v1.2 draft7-3).  But I'd like to correctly
    > associate and document this Excel-style algorithm in the ODF spec.
    >
    > The algorithm itself is documented in Section 3.3.1.81 of ECMA TC-45
    > OOXML specification.  The code contained therein, however, is not
    > entirely correct, so I posted the correct algorithm in my blog page[1]
    > for now.  I assume the final version of the OOXML spec will contain the
    > correct algorithm, but so far, the latest (public) version of the spec
    > that I have access to still contains the old, incorrect version.
    >
    > The question I'd like to ask the list members is this: what identifier
    > should we use as the value of the table:protection-key-digest-algorithm
    > attribute to refer to the new algorithm?  The current definition for
    > this attribute:
    >
    > <attribute name="table:protection-key-digest-algorithm"
    >            a:defaultValue="http://www.w3.org/2000/09/xmldsig#sha1">
    >     <ref name="anyURI"/>
    > </attribute>
    >
    > suggests that the name must be a URI.  But I'm not sure what URI to use
    > for this new algorithm.
    >
    > Any ideas, anyone?
    >

    How does OOXML, in their revised text, refer to the legacy algorithm?  I thought they also supported modern algorithms now like SHA256.  So they must have some way of indicating or referring to the legacy algorithm.  It might not be a URI, but they must describe it somehow, right?  If all else fails, call it something like "ISO/IEC 29500 Legacy Hash".

    Ideally we would refer to either ISO/IEC 29500, section 3.3.1.81 or  Ecma-376 (second edition) whenever either one of those documents appears in a publicly viewable form.  I don't think we want to duplicate their algorithm definition if we can avoid doing so.  Better to reference what they already have, when it is corrected.

    -Rob

    --
    **********************************************************************
    Senior Technical Evangelist - Adobe Systems, Inc.
    Duane's World TV Show - http://www.duanesworldtv.org/
    Blog - http://technoracle.blogspot.com
    Community Music - http://www.mix2r.com
    My Band - http://www.myspace.com/22ndcentury
    Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html
    **********************************************************************