Re: encryption


Subject: Re: encryption
From: Leonard Rosenthol (leonardr@lazerware.com)
Date: Tue Apr 24 2001 - 12:07:01 CDT


At 10:41 AM 4/24/2001 +0100, Tomas Frydrych wrote:
> > Encryption is a wide open concept. Are we talking password
> > protection, Digital Rights Management (DRM) Features, what?
>As I understood, the request was for password protection, which is
>normal in other wordprocessors; we could do a better job of it
>though, by using a decent algorithm.

         And some other things as well. However, it may be worth our
while to also consider looking at basic DRM features as well ala PDF and
eBooks (don't copy, don't print, etc.). Admittedly, such features aren't
as secure in an open source product where one could just recompile a
"secureless" version - but it would give the average user a "touchy feely".

>I do think there is a legitimate
>place for this, sometimes people want to 'lock' an individual
>document from prying eyes, without having the wider need to use
>encrypted file systems or wanting to have an encryption suite
>installed; 'man gpg' is not an answer to this, that's a solution for a
>hacker, not the average word processor user.
>

         Agreed.

> > Before you go off and do this, there are MANY other things to
> > discuss (IMHO). ... Where do keys (if any)
> > get stored? What algorithm(s) should we be using, and why?
>The password does not necessarily get stored anywhere, it is used
>to en/decrypt the file, then it can be destroyed (it certainly would
>not be stored in the encrypted file, as Aaron feared).

         That's an option, though it still makes the file less secure than
even something such as a "double-blind" approach (ala Unix passwords). In
a "double-blind", you generate a random "passphrase", encrypt the document
to that value, then encrypt that value with the user's passphrase and then
store that. This makes "plain text" attacks of document files pretty useless.

>We could
>support multiple algorithms if we wanted, but blowfish would be a
>good start, it's fast in software and it's in the public domain.

         Blowfish is definitely a good choice. Well respected and
reviewed, no legal encumbrances, etc.

>When I said it would be very easy, I did not mean cutting corners,

         Sorry about that!

>but that the AbiWord_1 file importer/exporter lends itself to do the
>job. In the AbiWord_1 file format every byte that is written/read from
>the disk goes through _writeByte(s)/_readBytes. Hooking in an
>encryption algorithm at this point, say a block cipher (such as
>blowfish) in an 8-bit CFB mode, would mean that everything that
>goes on the disk would be encrypted.

         Yup!

>The only other thing you
>need is some way of identifying the algorithm and whether the
>decryption is working.

         Also algorithm strength (so you know how many bits the key is),
version, etc. As far as testing the decryption, that's another advantage
of the double-blind since you'll know pretty quickly.

>I do not like very much the idea of scripting anything to
>get the file contents encrypted (and even less saving into abw or
>zabw and then using external file encryptor),

         Agreed! The more places the plain text lives, the easier it is
for someone to get it!

LDR
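
The "double-blind" scheme described in the message above (a random document key, itself encrypted under the user's passphrase and stored in the file), as an added example that is not part of the original post or of AbiWord. It uses only the Python standard library, so an HMAC-SHA256 keystream stands in for Blowfish in CFB mode; the container layout, all names and the PBKDF2 iteration count are assumptions.

```python
import hashlib, hmac, secrets, struct

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value)
# Hypothetical 7-byte header: container id, format version, key size in bits.
HEADER = b"ABWX" + struct.pack(">BH", 1, 256)

def _xor_stream(key, nonce, data):
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _kek(passphrase, salt):
    # 64 bytes: first half encrypts the document key, second half authenticates it.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, 64)

def wrap_key(doc_key, passphrase):
    salt = secrets.token_bytes(16)
    k = _kek(passphrase, salt)
    wrapped = _xor_stream(k[:32], salt, doc_key)
    return salt + wrapped + hmac.new(k[32:], wrapped, hashlib.sha256).digest()  # 80 bytes

def unwrap_key(blob, passphrase):
    salt, wrapped, tag = blob[:16], blob[16:48], blob[48:80]
    k = _kek(passphrase, salt)
    # The tag is the quick "is decryption working" check: no document parsing needed.
    if not hmac.compare_digest(tag, hmac.new(k[32:], wrapped, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or corrupted key block")
    return _xor_stream(k[:32], salt, wrapped)

def seal(plaintext, passphrase):
    doc_key = secrets.token_bytes(32)   # random per-document key
    nonce = secrets.token_bytes(16)
    # Body is encrypted but not authenticated here; a real format would MAC it too.
    return HEADER + wrap_key(doc_key, passphrase) + nonce + _xor_stream(doc_key, nonce, plaintext)

def open_sealed(blob, passphrase):
    if blob[:7] != HEADER:
        raise ValueError("unsupported container, version or key size")
    doc_key = unwrap_key(blob[7:87], passphrase)
    return _xor_stream(doc_key, blob[87:103], blob[103:])

def change_passphrase(blob, old, new):
    # Only the 80-byte wrapped key is rewritten; the document body is untouched.
    return blob[:7] + wrap_key(unwrap_key(blob[7:87], old), new) + blob[87:]
```

Because the body is encrypted under a random key rather than the passphrase itself, known document boilerplate gives an attacker nothing to test passphrase guesses against except the wrapped-key block, which is where the PBKDF2 cost applies.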


