2.4.2.4 ISO Write Protection Method

Cases where binary documents use the following hashing algorithm, intended to be compatible with ISO/IEC 29500 (for more information, see [ISO/IEC29500-1:2011]), are specified in [MS-XLSB]. The ISO password hashing algorithm takes the following parameters:

  • Password: An array of Unicode characters specifying the write protection password. The password MUST be a minimum of 1 and a maximum of 255 Unicode characters.

AlgorithmName: A Unicode string specifying the name of the cryptographic hash algorithm used to compute the password hash value. The values in the following table are reserved. (Values that are not defined MAY<27> be used, and a compliant implementation is not required to support all defined values. The string MUST be at least 1 character. See section 4 for additional information.)

Value

Hash algorithm

SHA-1

MUST conform to the details as specified in [RFC4634].

SHA-256

MUST conform to the details as specified in [RFC4634].

SHA-384

MUST conform to the details as specified in [RFC4634].

SHA-512

MUST conform to the details as specified in [RFC4634].

MD5

MUST conform to MD5.

MD4

MUST conform to the details as specified in [RFC1320].

MD2

MUST conform to the details as specified in [RFC1319].

RIPEMD-128

MUST conform to the details as specified in [ISO/IEC 10118].

RIPEMD-160

MUST conform to the details as specified in [ISO/IEC 10118].

WHIRLPOOL

MUST conform to the details as specified in [ISO/IEC 10118].

  • Salt: An array of bytes that specifies the salt value used during password hash generation. When computing hashes for new passwords, this MUST be generated using an arbitrary pseudorandom function. When verifying a password, the salt value retrieved from the document MUST be used. The salt MUST NOT be larger than 65,536 bytes.

  • SpinCount: A 32-bit unsigned integer that specifies the number of times to iterate on a hash of a password. It MUST NOT be greater than 10,000,000.

Let H() be an implementation of the hashing algorithm specified by AlgorithmName, iterator be an unsigned 32-bit integer, Hn be the hash data of the nth iteration, and a plus sign (+) represent concatenation. The initial password hash is generated as follows.

  • H0 = H(salt + password)

The hash is then iterated using the following approach.

  • Hn = H(Hn-1 + iterator)

where iterator is initially set to 0 and is incremented monotonically on each iteration until SpinCount iterations have been performed. The value of iterator on the last iteration MUST be one less than SpinCount. The final hash is then Hfinal = HSpinCount-1.