<html>
    <head>
      <base href="https://bugs.documentfoundation.org/">
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - "Hash incompatible" in calc spreadsheet"
   href="https://bugs.documentfoundation.org/show_bug.cgi?id=123877#c11">Comment # 11</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - "Hash incompatible" in calc spreadsheet"
   href="https://bugs.documentfoundation.org/show_bug.cgi?id=123877">bug 123877</a>
              from <span class="vcard"><a class="email" href="mailto:mikekaganski@hotmail.com" title="Mike Kaganski <mikekaganski@hotmail.com>"> <span class="fn">Mike Kaganski</span></a>
</span></b>
        <pre>(In reply to Eike Rathke from <a href="show_bug.cgi?id=123877#c10">comment #10</a>)

The relevant ODF markup is table:protection-key (19.701) and
table:protection-key-digest-algorithm (19.702) [1]. The latter clarifies that
the values are implementation-defined; so we could use something like
"OOXML-SHA512" as table:protection-key-digest-algorithm value, with all three
"hashValue", "saltValue" and "spinCount" stored in table:protection-key,
without any ODF extension, and without storing it elsewhere. I believe it would
be correct to store in auto-recovery; while it could be questionable whether
it's OK to use in Save As (my take would be "yes, when user is unable to
provide the correct password, instead of allowing to drop password").

[1]
<a href="https://docs.oasis-open.org/office/OpenDocument/v1.3/OpenDocument-v1.3-part3-schema.html#attribute-table_protection-key">https://docs.oasis-open.org/office/OpenDocument/v1.3/OpenDocument-v1.3-part3-schema.html#attribute-table_protection-key</a></pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>