Export (0) Print
Expand All
Expand Minimize

2.1.409 Part 4 Section 2.15.1.28, documentProtection (Document Editing Restrictions)

a. The standard states that the reversed byte order of the legacy hash key will be hashed as defined by the attribute values.

In Word, an additional third stage is added to the process of hashing and storing a user supplied password. In this third stage, the reversed byte order legacy hash from the second stage shall be converted to Unicode hex string representation [Example: If the single byte string 7EEDCE64 is converted to Unicode hex string it will be represented in memory as the following byte stream: 37 00 45 00 45 00 44 00 43 00 45 00 36 00 34 00. end example], and that value shall be hashed as defined by the attribute values.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

b. In the standard, the algIdExt attribute specifies that a cryptographic algorithm has been used to generate the document hash value.

Word requires that the cryptProviderTypeExt attribute be specified if the algIdExt attribute is used.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

c. The standard states that the values of the algIdExtSource attribute are defined by the ST_String simple type.

Word restricts the value of this attribute to be wincrypt.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

d. In the standard, the cryptProviderTypeExtSource attribute of the documentProtection element allows for a string to specify the application that defined the provider type.

Word requires that the cryptProviderTypeExtSource attribute value be specified as wincrypt.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

e. In the standard, the hash attribute describes the hash value for the password stored within the document, but the algorithm for generating the hash value is not specified.

The hash value is the Base64 encoded representation of the binary hashing algorithm output, which is calculated as follows:

H[init] = H(password, salt)

Followed by cryptSpinCount cycles where:

H[n] = H(H[n-1], count)

Count shall begin with 0x0 and is expressed as a little-endian 32-bit integer. The initial hashing operation shall not be included in count.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

f. The standard's salt attribute description conflicts with itself, describing the salt attribute as being both prepended and appended to the password.

Word appends the salt attribute to the password.

g. In the standard, the cryptSpinCount attribute specifies the number of times the hashing function shall be iteratively run.

Word requires that the initial hash of the password with the salt not be considered in the count.

h. In the standard, the cryptAlgorithmSid has a list of supported values from 1 through 14 or any decimal number.

Word only supports values 1, 2, 3, 4, 12, 13, and 14.

This note applies to the following products: 2007, 2007 SP1, 2007 SP2.

i. The standard states that if the enforcement attribute is omitted, then protection settings are ignored by application.

Word enforces protection when this attribute is missing.

j. The standard states that the values for the cryptSpinCount attribute are defined by the ST_DecimalNumber simple type.

Word only supports values for the cryptSpinCount attribute that are between 0 and 5000000.

k. The standard states that the salt attribute is a base64 string.

Word appends the binary form of the salt attribute and not the base64 string representation when hashing.

l. The standard states that this setting uses a specific set of attributes (specified by the AG_Password attribute group) to store the password hash.

In Office, when the HKCU/Software/Microsoft/Office/<VERSION>/Common/Security/UseIsoPasswordVerifier registry key is set to 1, the XML for file sharing is written by using the XML attribute structure in the following table.

Name

Description

algorithm Name

The name of the cryptographic hashing algorithm used to generate the hash value. Only those algorithms that are installed in the operating system’s cryptographic subsystem can be utilized by Office.

The following hash algorithms are reserved:

MD2

Specifies that the MD2 algorithm, as defined by RFC 1319, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD4

Specifies that the MD4 algorithm, as defined by RFC 1320, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

MD5

Specifies that the MD5 algorithm, as defined by RFC 1321, shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-128

Specifies that the RIPEMD-128 algorithm, as defined by ISO/IEC 10118-3:2004 shall be used.

[Note: It is recommended that applications should avoid using this algorithm to store new hash values, because of publicly known breaks. end note]

RIPEMD-160

Specifies that the RIPEMD-160 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-1

Specifies that the SHA-1 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-256

Specifies that the SHA-256 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-384

Specifies that the SHA-384 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

SHA-512

Specifies that the SHA-512 algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

WHIRLPOOL

Specifies that the WHIRLPOOL algorithm, as defined by ISO/IEC 10118-3:2004, shall be used.

hash Value

Specifies the hash value for the password required to edit this worksheet. This value shall be compared with the resulting hash value after hashing the user-supplied password using the algorithm specified by the preceding attributes and parent XML element. If the two values match, the protection shall no longer be enforced.

If this value is omitted, then the reservationPassword attribute shall contain the password hash for the workbook.

[Example: Consider an Office Open XML document with the following information stored in one of its protection elements:

<… algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The hashValue attribute value of 9oN7nWkCAyEZib1RomSJTjmPpCY= specifies that the user-supplied password must be hashed using the pre-processing defined by the parent element (if any) followed by the hashing algorithm (specified via the algorithmName attribute value) and that the resulting hash value must be match for the protection to be disabled.

end example]

The possible values for this attribute are defined by the W3C XML Schema base64Binary datatype.

saltValue

Specifies the random bytes that are pre-pended to the user-supplied password before it was hashed by the hashing algorithm.

spinCount

Specifies the number of times the hashing function shall be iteratively run (using each iteration's result as the input for the next iteration).

[Example:

Consider an Office Open XML document with the following information stored in one of its protection elements:

< … algorithmName="SHA-1" hashValue="9oN7nWkCAyEZib1RomSJTjmPpCY=" />

The algorithmName attribute value of SHA-1 specifies that the SHA-1 hashing algorithm must be used to generate a hash from the user-defined password.

end example]

This note applies to the following products: 2007 SP2, 2010.

Show:
© 2015 Microsoft