incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 119090] Default Encryption Fails for Down-Level Implementations
Date Mon, 19 Mar 2012 23:34:04 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=119090

--- Comment #11 from orcmid <orcmid@apache.org> 2012-03-19 23:34:04 UTC ---
@Rob:

I agree with seeding the progression of releases with versions that accept
AES256-cbc (and the other 4, for that matter), while continuing to produce the
common ODF 1.0/1.1/1.2 Blowfish CFB encryption.

I suspect it is easy to rever to Blowfish CFB, since it is there for when
default Save mode is ODF 1.0/1.1.  So someplace during the Save with Password
process, a test on Save version has to be made.  It is probably relatively easy
to find that and jam the result.  I'll nose around but I am certain there are
others who know better where the essential code is.

It may be more difficicut to come up with configuration options that would now
cause AES256 (and any others) to be used instead, since the current ones are
for reverting to ODF 1.0/1.1 default encryption and use of SHA1.  If that's
difficulty, it can be safely deferred to a future release.

-- 
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Mime
View raw message