On the Security Analysis of PBKDF2 in OpenOffice.

Password-based KDF2 (PBKDF2) is widely used in file authentication mechanism and file encryption which could produce a derived key more than 160 bits long. In this paper, the security of PBKDF2 algorithm and its implementation in OpenOffice are analyzed in two modes: CSP-secure mode (Chosen Single Parameter) and CMP-secure mode (Chosen Multiple Parameters). The theoretical security of PBKDF2 is proved in CSP-secure mode by using Game-Playing technology to quantify the upper bound of adversary’s advantage. However, a security flaw is explored in CMP-secure mode. This paper presents three proposals to address the security flaw. With the theoretical derivation, the actual safety of the OpenOffice encrypted file has been discussed under the latest developments for GPU-accelerated key recovery attack capability.