2.1.1104 Part 1 Section 19.2.1.19, modifyVerifier (Modification Verifier)

  • Article

a.   The standard states that the algIdExt attribute specifies that a cryptographic algorithm not defined in the standard has been used to generate the hash value stored with the document.

PowerPoint further requires that the algIdExt attribute specifies a hashing algorithm which is implemented by a CryptoAPI provider, and if the algIdExt attribute is used, the cryptProviderTypeExt attribute shall specify the provider.

b.   The standard describes the hashData attribute as the hash value for the password stored within the document.

In Office, the hashData value is the Base64 encoded representation of the binary hashing algorithm output, which is calculated as follows:

H[init] = H(password, salt)

Followed by spinCount cycles where:

H[n] = H(H[n-1], count)

Count shall begin with 0x0 and is expressed as a little-endian 32-bit integer. The initial hashing operation shall not be included in count.

c.   The standard states that the saltData attribute is a random string.

PowerPoint defines the saltData attribute as random base 64-encoded data (typically 16 bytes), and the binary form of this attribute (not the base 64-encoded version) is used by the hashing algorithm.

d.   The standard specifies that the spinCount attribute specifies the number of times the hashing function shall be iteratively run when attempting to compare a user-supplied password with the value stored in the hashData attribute.

PowerPoint does not include the initial hash of the password with the salt in this count.

e.   The standard lists several possible values for the cryptAlgorithmSid attribute.

PowerPoint only uses values 1, 2, 3, 4, 12, 13, and 14.

f.   The standard states that this setting uses a specific set of attributes to store the password hash.

In Office, when the HKCU/Software/Microsoft/Office/<VERSION>/Common/Security/UseIsoPasswordVerifier registry key is set to 1, the XML for file sharing is written by using the XML attribute structure in the following table.

Name

Description

algorithm Name

The name of the cryptographic hashing algorithm used to generate the hash value. Only those algorithms that are installed in the operating system’s cryptographic subsystem can be utilized by Office.

The following hash algorithm names are reserved:

MD2

Specifies that the MD2 algorithm, as defined by RFC 1319, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD4

Specifies that the MD4 algorithm, as defined by RFC 1320, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD5

Specifies that the MD5 algorithm, as defined by RFC 1321, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-128

Specifies that the RIPEMD-128 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-160

Specifies that the RIPEMD-160 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-1

Specifies that the SHA-1 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-256

Specifies that the SHA-256 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-384

Specifies that the SHA-384 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-512

Specifies that the SHA-512 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

WHIRLPOOL

Specifies that the WHIRLPOOL algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

hash Value

Specifies the hash value for the password required to edit this presentation. This value shall be compared with the resulting hash value after hashing the user-supplied password using the algorithm specified by the preceding attributes and parent XML element. If the two values match, the protection shall no longer be enforced.

[Example: Consider an Office Open XML document with the following information stored in one of its protection elements:

<… algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The hashValue attribute value of 9oN7nWkCAyEZib1RomSJTjmPpCY= specifies that the user-supplied password must be hashed using the pre-processing defined by the parent element (if any) followed by the hashing algorithm (specified via the algorithmName attribute value) and that the resulting hash value must be match for the protection to be disabled.

end example]

The possible values for this attribute are defined by the W3C XML Schema base64Binary datatype.

saltValue

Specifies the random bytes that are pre-pended to the user-supplied password before it was hashed by the hashing algorithm.

spinCount

Specifies the number of times the hashing function shall be iteratively run (using each iteration's result as the input for the next iteration).

[Example:

Consider an Office Open XML document with the following information stored in one of its protection elements:

< … algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The algorithmName attribute value of SHA-1 specifies that the SHA-1 hashing algorithm must be used to generate a hash from the user-defined password.

end example]