OpenDocument technical specification: Difference between revisions

Encryption: dash created confusion that rest of text was an explanation of text before it. Semicolon clearer that they are two separate statements.
Line 216:
# A checksum of a portion of the compressed file is computed (SHA-1 of the file contents, or SHA-1 of the first 1024 bytes of the file, or SHA-256 of the first 1024 bytes of the file) and stored so password correctness can be verified when decrypting.
# A digest (hash) of the user entered password in UTF-8 encoding is created and passed to the package component. ODF versions 1.0 and 1.1 only mandate support for the SHA-1 digest here, while version 1.2 recommends SHA-256.
# This digest is used to produce a derived key by undergoing [[key stretching]] with [[PBKDF2]] using HMAC-SHA-1 with a salt of arbitrary length (in ODF 1.2{{snd}}; it's 16 bytes in ODF 1.1 and below) generated by the random number generator for an arbitrary iteration count (1024 by default in ODF 1.2).
# The random number generator is used to generate a random initialization vector for each file.
# The initialization vector and derived key are used to encrypt the compressed file contents. ODF 1.0 and 1.1 use Blowfish in 8-bit cipher feedback mode, while ODF 1.2 considers it a legacy algorithm and allows [[Triple DES]] and [[Advanced Encryption Standard|AES]] (with 128, 196 or 256 bits), both in cipher block chaining mode, to be used instead.
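Review bot: In step 3 (the PBKDF2 line), `{{snd}}` is still present directly before the new semicolon, so the line as shown carries both a dash and a semicolon; the edit summary says the dash was to be replaced, so drop the template. The parenthetical would also read more clearly with the qualifier next to what it qualifies, for example "with a salt (of arbitrary length in ODF 1.2; 16 bytes in ODF 1.1 and below)". Separately, the last context line lists AES key sizes as "128, 196 or 256 bits"; AES key sizes are 128, 192 and 256 bits, so "196" looks like a typo worth fixing in the same pass.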