2.1.402 Part 1 Section 17.15.1.29, documentProtection (Document Editing Restrictions)

  • Article

a.   The standard's salt attribute description conflicts with itself, describing the salt attribute as being both prepended and appended to the password.

Word prepends the salt attribute to the password.

b.   In the standard, the spinCount attribute specifies the number of times the hashing function shall be iteratively run.

Word requires that the initial hash of the password with the salt not be considered in the count.

c.   The standard states that if the enforcement attribute is omitted, then protection settings are ignored by application.

Word enforces protection when this attribute is missing.

d.   The standard states that the values for the cryptSpinCount attribute are defined by the ST_DecimalNumber simple type.

Word supports values only for the spinCount attribute that are between 0 and 10,000,000 (inclusive).

e.   The standard states that the saltValue attribute is a base64 string.

Word prepends the binary form of the saltValue attribute and not the base64 string representation when hashing.

f.   The standard states that this setting uses a specific set of attributes, specified by the AG_Password attribute group, to store the password hash.

In Office, when the HKCU/Software/Microsoft/Office/<VERSION>/Common/Security/UseIsoPasswordVerifier registry key is set to 1, the XML for file sharing is written by using the XML attribute structure in the following table.

Name

Description

algorithm Name

The name of the cryptographic hashing algorithm used to generate the hash value. Only those algorithms that are installed in the operating system’s cryptographic subsystem can be utilized by Office.

The following hash algorithm names are reserved:

MD2

Specifies that the MD2 algorithm, as defined by RFC 1319, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD4

Specifies that the MD4 algorithm, as defined by RFC 1320, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD5

Specifies that the MD5 algorithm, as defined by RFC 1321, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-128

Specifies that the RIPEMD-128 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-160

Specifies that the RIPEMD-160 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-1

Specifies that the SHA-1 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-256

Specifies that the SHA-256 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-384

Specifies that the SHA-384 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-512

Specifies that the SHA-512 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

WHIRLPOOL

Specifies that the WHIRLPOOL algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

hash Value

Specifies the hash value for the password required to edit this worksheet. This value shall be compared with the resulting hash value after hashing the user-supplied password using the algorithm specified by the preceding attributes and parent XML element. If the two values match, the protection shall no longer be enforced.

If this value is omitted, then the reservationPassword attribute shall contain the password hash for the workbook.

[Example: Consider an Office Open XML document with the following information stored in one of its protection elements:

<… algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The hashValue attribute value of 9oN7nWkCAyEZib1RomSJTjmPpCY= specifies that the user-supplied password must be hashed using the pre-processing defined by the parent element (if any) followed by the hashing algorithm (specified via the algorithmName attribute value) and that the resulting hash value must be match for the protection to be disabled.

end example]

The possible values for this attribute are defined by the W3C XML Schema base64Binary datatype.

saltValue

Specifies the random bytes that are pre-pended to the user-supplied password before it was hashed by the hashing algorithm.

spinCount

Specifies the number of times the hashing function shall be iteratively run (using each iteration's result as the input for the next iteration).

[Example:

Consider an Office Open XML document with the following information stored in one of its protection elements:

< … algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The algorithmName attribute value of SHA-1 specifies that the SHA-1 hashing algorithm must be used to generate a hash from the user-defined password.

end example]