2.2.10 Strong Password Verifier Algorithm

Several protection records BrtBookProtectionIso (section 2.4.309), BrtSheetProtectionIso (section 2.4.784), BrtCsProtectionIso (section 2.4.343), BrtRangeProectionIso (section 2.4.756), BrtRangeProtection14 (section 2.4.755), and BrtFileSharingIso (section 2.4.672) use a strong password hash (compatible with ISO/IEC 29500 as described in [ISO/IEC29500-1:2016] sections 18.2.12, 18.2.29, 18.3.1.71, 18.3.1.84, and 18.3.1.85) to provide a locking and unlocking system for viewing or editing parts of the workbook. This password hash is used to prevent accidental editing, and is not designed to be used as a security feature. Password hashes are usually computed by the algorithm specified in [MS-OFFCRYPTO] section 2.4.2.4 ISO Write Protection Method. Under some circumstances, the password is first converted to a 16-bit verifier value as specified by the Password Verifier Algorithm (section 2.2.9) and reinterpreted as a single Unicode character, which is then passed to the algorithm specified in [MS-OFFCRYPTO] section 2.4.2.4 ISO Write Protection Method. There is no way to determine which method was used to generate a hash without knowledge of the password; it is necessary to compute both hashes to verify the password.

See section 4 for information about security concerns related to the use of this algorithm for password verification in this file format.