incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations
Date Mon, 26 Mar 2012 01:15:19 GMT
TJ,

I was doing some nosing around and, based on some information on the Community Forums (thank
you Hagar), it looks like the settings are controlled in a file called registrymodifications.xcu,
at least on Windows.  The location will vary with different versions of windows.

On windows, you can find one under the installed-user profile, such as Documents & Settings\orcmid\Application
Data [a hidden file], OpenOffice/3/user/registrymodification.xcu for any install since the
AES256 has been instituted as default.  the *.xcu is actually an XML file and you can find
the settings by searching for "blowfish" and for "SHA1".

How this works for Mac, Solaris, OS/2, and the various Linus and BSD builds, I have no idea.

 - Dennis

-----Original Message-----
From: TJ Frazier [mailto:tjfrazier@cfl.rr.com] 
Sent: Friday, March 23, 2012 11:26
To: ooo-dev@incubator.apache.org
Subject: Re: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations

[ ... ]

... options to consider:

3. User change to config file, to use the new option.

I have suggested a writeup on this, but such instructions are much 
better aimed at the (few?) users who want the "latest and greatest" 
security option, and will do a little work to get it. (Does anybody know 
what that file name is? Given that, I volunteer to update the Release 
Notes.)

4. Macro to toggle the settings.

This could be distributed in a BASIC library (new or existing); no 
extension necessary. User instructions to find and run the macro are 
simple. I may be able to write this; preliminary investigation is 
promising but not certain. I volunteer to try. There are several real 
experts on this list, whom I might ask for help.

/tj/
>
>
>
> [1] https://issues.apache.org/ooo/show_bug.cgi?id=119090
>
> On 19.03.2012 14:48, Jürgen Schmidt wrote:
>> On 3/19/12 2:16 PM, TJ Frazier wrote:
>>> On 3/19/2012 08:48, Jürgen Schmidt wrote:
>>>> Hi,
>>>>
>>>> I think issue 119090 is no show stopper from my point of view. The new
>>>> default provides a better security than before when I understand it
>>>> correct. And if people detect potential problems they can save the
>>>> document again with other settings.
>>>>
>>>> I agree that this is important for interoperability but no show
>>>> stopper.
>>>>
>>>> Any other opinion?
>>>>
>>>> Juergen
>>>>
>>>>
>>> Hi, Jürgen,
>>>
>>> Like Dennis, I'm nervous about this. Perhaps we can handle it with a
>>> mention in the Release Notes; something like,
>>>
>>> PLEASE NOTE: the default options for [technical details here] should
>>> provide your best /individual/ security. However, if you intend to share
>>> the document in secure fashion, the default mode cannot be read by
>>> * previous versions of OpenOffice.org
>>> * current versions of LibreOffice, at least through [version]
>>> * Ms Office [version info]
>>> For compatibility, use the options [details here].
>>>
>>
>> I agree that it make sense to mention it in the release notes.
>>
>> Any volunteer for updating the release notes?
>>
>> Juergen
>
>



Mime
View raw message