CHAPTER 3
126
Syntax
Password Algorithms
In addition to the encryption key, the standard security handler must provide the
contents of the encryption dictionary (Table 3.18 on page 116 and Table 3.19 on
Filter, V, Length, R, and P entries are straightforward, but the computation
of the O (owner password) and U (user password) entries requires further
explanation. Algorithms 3.3 through 3.5 show how the values of the owner
password and user password entries are computed (with separate versions of
the latter depending on the revision of the security handler).
Algorithm 3.3 Computing the encryption dictionary’s O (owner password) value
1. Pad or truncate the owner password string as described in step 1 of Algorithm 3.2.
If there is no owner password, use the user password instead. (See implementation
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. (Revision 3 or greater) Do the following 50 times: Take the output from the previous
MD5 hash and pass it as input into a new MD5 hash.
4. Create an RC4 encryption key using the first n bytes of the output from the final
MD5 hash, where n is always 5 for revision 2 but, for revision 3 or greater, depends
on the value of the encryption dictionary’s Length entry.
5. Pad or truncate the user password string as described in step 1 of Algorithm 3.2.
6. Encrypt the result of step 5, using an RC4 encryption function with the encryption
key obtained in step 4.
7. (Revision 3 or greater) Do the following 19 times: Take the output from the previous
invocation of the RC4 function and pass it as input to a new invocation of the
function; use an encryption key generated by taking each byte of the encryption
key obtained in step 4 and performing an XOR (exclusive or) operation between
that byte and the single-byte value of the iteration counter (from 1 to 19).
8. Store the output from the final invocation of the RC4 function as the value of the
O entry in the encryption dictionary.
Algorithm 3.4 Computing the encryption dictionary’s U (user password) value (Revision 2)
1. Create an encryption key based on the user password string, as described in Algo-
2. Encrypt the 32-byte padding string shown in step 1 of Algorithm 3.2, using an
RC4 encryption function with the encryption key from the preceding step.
3. Store the result of step 2 as the value of the U entry in the encryption dictionary.