tdf#114939 sfx2: notify user of non-interoperable passwords

For ODF 1.1 encryption, SHA1 is used as the start-key digest algorithm of PBKDF2. For the ODF export password-to-modify "feature", PBKDF2 is used without a start-key digest round, so the UTF-8 encoded password is directly the input. In both cases, if the user entered a password with a known problematic length, reject it and request a new one. Change-Id: Ie6510c1e668e1ed32be439ebe00354881b6ca83f
author: Michael Stahl <mstahl@redhat.com> 2018-01-12 22:30:07 +0100
committer: Michael Stahl <mstahl@redhat.com> 2018-01-12 23:31:44 +0100
commit: 9ef1734f03a008545a01fd394dd0e979bb230a0f (patch)
tree: 3183fcbf01682047978b78d7de5cea4c40ea8939 /uui
parent: 50382b9e9256d7361e3770daa654fb8d09448635 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx
index 643e0e12a4e2..14f4425958b7 100644
--- a/uui/source/iahndl-authentication.cxx
+++ b/uui/source/iahndl-authentication.cxx
@@ -438,6 +438,9 @@ executeMasterPasswordDialog(
     }
 
     sal_uInt8 aKey[RTL_DIGEST_LENGTH_MD5];
+    // FIXME this is subject to the SHA1-bug tdf#114939 - but this
+    // MasterPassword stuff is just stored in the UserInstallation,
+    // so no interop concerns
     rtl_digest_PBKDF2(aKey,
                       RTL_DIGEST_LENGTH_MD5,
                       reinterpret_cast< sal_uInt8 const * >(aMaster.getStr()),
author	Michael Stahl <mstahl@redhat.com>	2018-01-12 22:30:07 +0100
committer	Michael Stahl <mstahl@redhat.com>	2018-01-12 23:31:44 +0100
commit	9ef1734f03a008545a01fd394dd0e979bb230a0f (patch)
tree	3183fcbf01682047978b78d7de5cea4c40ea8939 /uui
parent	50382b9e9256d7361e3770daa654fb8d09448635 (diff)