OpenXML proposes its own cryptographic algorithms, ignoring some safe encryption algorithms approved after an extensive public scrutiny. Within the list of pre-well-known algorithms are listed, MD2, MD3. MD5, which are included by backwards compatibility.
It is requested to indicate which algorithms are recommended and which ones should be used only for bequeathed document conversion, within the list of algorithms. It is also requested to attach an example of the configuration to be used with algorithm ISO 10118-3.
Sections 2.15.1.28, page 1941, 3.3.1.69, page 2786 y 3.2.29, page 2698
te
Proposed Disposition of DIS 29500 Comment UY-0006 (Modified: 2008-01-03) Agreed; several national bodies provided valid concerns that the existing legacy hashing mechanisms were insufficient within the context of the specification, and we believe that these concerns warrant the replacement of the existing mechanisms with a new mechanism which: Takes as input the UTF-16 encoding of the input string (and therefore does not have problems with characters above the Latin-1 Unicode subrange) Feeds them directly to hash algorithms which have been standardized after appropriate cryptographic review (the algorithms described in ISO/IEC 10118-3:2004 have been referenced as a set of suggested algorithms) Stores the resulting hash value, salt, and spin count within the Office Open XML document This change will be made in each instance where a password is stored throughout WordprocessingML, SpreadsheetML, and PresentationML (see the response to CA-0037 for a complete description of the changes to the specification). In order to address the concern that algorithms which have been comprised be explicitly marked, that change includes the following note within the list of algorithms: [Note: It is recommended that applications should avoid using this algorithm to store new hash values, due to publically known breaks. end note]. This change appears as follows within the context of the updated specification: Value Algorithm MD2 Specifies that the MD2 algorithm, as defined by RFC 1319, shall be used. [Note: It is recommended that applications should avoid using this algorithm to store new hash values, due to publically known breaks. end note] MD4 Specifies that the MD4 algorithm, as defined by RFC 1320, shall be used. [Note: It is recommended that applications should avoid using this algorithm to store new hash values, due to publically known breaks. end note] MD5 Specifies that the MD5 algorithm, as defined by RFC 1321, shall be used. Value Algorithm [Note: It is recommended that applications should avoid using this algorithm to store new hash values, due to publically known breaks. end note] RIPEMD-128 Specifies that the RIPEMD-128 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. [Note: It is recommended that applications should avoid using this algorithm to store new hash values, due to publically known breaks. end note] RIPEMD-160 Specifies that the RIPEMD-160 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. SHA-1 Specifies that the SHA-1 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. SHA-256 Specifies that the SHA-256 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. SHA-384 Specifies that the SHA-384 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. SHA-512 Specifies that the SHA-512 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. WHIRLPOOL Specifies that the WHIRLPOOL algorithm, as defined by ISO/IEC 10118-3:2004 shall be used. To illustrate the syntax of this new mechanism, the following markup represents a password hash stored using the SHA-512 algorithm, which is defined in ISO/IEC 10118-3:2004: <p:modifyVerifier p:algorithmName="SHA-512" p:spinCount="50000" p:saltValue="ZUdHa+D8F/OAKP3I7ssUnQ==" p:hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />
