Bug 58048 - Weak Encryption used in POI
Summary: Weak Encryption used in POI
Status: RESOLVED WONTFIX
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-17 13:23 UTC by Donald
Modified: 2015-06-17 20:18 UTC (History)
0 users



Attachments
scan report (45.60 KB, application/pdf)
2015-06-17 13:23 UTC, Donald
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Donald 2015-06-17 13:23:54 UTC
Created attachment 32833 [details]
scan report

POI is using inadequate RSA padding and insecure mode of cipher operation. See attached report for more information.
Comment 1 Nick Burch 2015-06-17 13:48:49 UTC
Isn't this actually "Microsoft Office file formats use Weak Encryption, and POI faithfully matches that"?

Much as we might like to whack up the encryption settings, if the resulting file isn't readable by Office and isn't a valid Office file, then we haven't really helped...
Comment 2 Donald 2015-06-17 20:18:17 UTC
Agree. Closing this ticket.