[Libreoffice] default ODF encryption/checksum algorithms changed in master. Good thing ?

Dennis E. Hamilton dennis.hamilton at acm.org
Mon Aug 15 10:34:18 PDT 2011

SHA1 is not considered insecure for the purposes it is used in packages.  Or, put another way, the insecurities that apply to those usages are not materially improved by using SHA256 instead of SHA1.

I think there are ways to do this that do not cause down-level problems and do not require back-porting.  See my earlier suggestion about ways that mutual users of encrypted documents tend to be limited anyhow, because it requires exchange of a password.

 - Dennis

-----Original Message-----
From: libreoffice-bounces+dennis.hamilton=acm.org at lists.freedesktop.org [mailto:libreoffice-bounces+dennis.hamilton=acm.org at lists.freedesktop.org] On Behalf Of Kohei Yoshida
Sent: Monday, August 15, 2011 06:33
To: Caolán McNamara
Cc: Thorsten Behrens; LibreOffice
Subject: Re: [Libreoffice] default ODF encryption/checksum algorithms changed in master. Good thing ?

On Mon, 2011-08-15 at 11:05 +0100, Caolán McNamara wrote:
> Since 5dd2784030e00fa1857b30ee8c5da62e221bfd32 (inherited change) the
> default encryption and checksum algorithms used in our .odt export
> changed, e.g. sha1 to sha256. They changed for settings of "ODF >=
> 1.2".
> What it means in practice is that encrypted document exported from >=
> 3.5/3.6 won't be openable in older versions, e.g. <= 3.4
> There is a UseSHA1InODF12 and UseBlowfishInODF12 setting which is
> currently disabled.
> Such a change shouldn't go unnoticed anyway. So...
> a) is this a good thing that should be welcomed, with a "users using
> older version of LibreOffice/OpenOffice.org should upgrade and/or hassle
> their vendors for patched versions with support for these backported"

IMO, we may have to backport this since, if the experience of the 3.4.x
releases is repeated in the 3.5.x releases, we won't reach stabilization
in the first couple of .x releases.  So there will be a period we have
3.4 and 3.5 releases in parallel where we'll be recommending 3.4 over

Alternatively, we could provide in 3.5 a way to encrypt it using sha1,
for backward compatibility.  The downside is that sha1 is considered to
be insecure - the very reason ODF has switched to sha256 in the first

Or, we could disable sha256 in the 3.5.x releases until it reaches the
point of stabilization and we start recommending it over 3.4.

But I think, ultimately this would depend on the magnitude of code
change required to backport it to 3.4....

Just my opinion.


Kohei Yoshida, LibreOffice hacker, Calc
<kohei.yoshida at suse.com>

LibreOffice mailing list
LibreOffice at lists.freedesktop.org

More information about the LibreOffice mailing list