2.1.671 Part 4 Section 3.3.1.69, protectedRange (Protected Range)

a.   The standard sets no restrictions on the string for the name attribute.

Office requires that the name attribute shall be unique within the parent element collection, start with a letter, only contain letters, numbers, spaces, underscores, periods, backslashes, or question marks.

b.   The standard does not define the minimum values for the sqref attribute.

Office defines the minimum value for the sqref attribute to be 1.

c.   The standard does not limit the length of the value of the name attribute.

Word restricts the value of this attribute to be at least 1 and at most 255 characters.

d.   The standard states that this setting uses a specific Password attribute to store the password hash.

In Office, when the HKCU/Software/Microsoft/Office/<VERSION>/Common/Security/UseIsoPasswordVerifier registry key is set to 1, the XML for file sharing is written by using the XML attribute structure in the following table.

Name

Description

algorithm Name

The name of the cryptographic hashing algorithm used to generate the hash value. Only those algorithms that are installed in the operating system’s cryptographic subsystem can be utilized by Office.

The hash algorithm names, described in the following table, are reserved.

MD2

Specifies that the MD2 algorithm, as defined by RFC 1319, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD4

Specifies that the MD4 algorithm, as defined by RFC 1320, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD5

Specifies that the MD5 algorithm, as defined by RFC 1321, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-128

Specifies that the RIPEMD-128 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-160

Specifies that the RIPEMD-160 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-1

Specifies that the SHA-1 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-256

Specifies that the SHA-256 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-384

Specifies that the SHA-384 algorithm, as defined by ISO/IEC 10118-3:2004,  shall be used.

SHA-512

Specifies that the SHA-512 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

WHIRLPOOL

Specifies that the WHIRLPOOL algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

hash Value

Specifies the hash value for the password required to edit this worksheet. This value shall be compared with the resulting hash value after hashing the user-supplied password using the algorithm specified by the preceding attributes and parent XML element. If the two values match, the protection shall no longer be enforced.

If this value is omitted, then the reservationPassword attribute shall contain the password hash for the workbook.

[Example: Consider an Office Open XML document with the following information stored in one of its protection elements:

<… algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The hashValue attribute value of 9oN7nWkCAyEZib1RomSJTjmPpCY= specifies that the user-supplied password must be hashed using the pre-processing defined by the parent element (if any) followed by the hashing algorithm (specified via the algorithmName attribute value) and that the resulting hash value must be match for the protection to be disabled.

end example]

The possible values for this attribute are defined by the W3C XML Schema base64Binary datatype.

saltValue

Specifies the random bytes that are pre-pended to the user-supplied password before it was hashed by the hashing algorithm.

spinCount

Specifies the number of times the hashing function shall be iteratively run (using each iteration's result as the input for the next iteration).

[Example:

Consider an Office Open XML document with the following information stored in one of its protection elements:

< … algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The algorithmName attribute value of SHA-1 specifies that the SHA-1 hashing algorithm must be used to generate a hash from the user-defined password.

end example]

This note applies to the following products: 2007 SP2, 2010.

Show: