OpenOffice files are ZIP archives with extensions such as odt (for text documents, the equivalent of Microsoft Word) and ods (for spreadsheet documents, the equivalent of Microsoft Excel). Unzipping an OpenOffice file reveals that it contains various XML files, the most important of which is content.xml. When an OpenOffice file is password protected, the XML files keep the same names, but their contents look like random garbage because they are encrypted.
1. A 20-byte SHA1 digest of the user-entered password is created and passed to the package component.
This seems redundant, since PBKDF2 (Password-Based Key Derivation Function 2) already applies SHA1 many times.
2. The package component initializes a random number generator with the current time.
3. The random number generator is used to generate a random 8-byte initialization vector and a 16-byte salt for each file. The initialization vector and the salt can be found in META-INF/manifest.xml.
4. This salt is used together with the 20-byte SHA1 digest of the password to derive a unique 128-bit key for each file. The algorithm used to derive the key is PBKDF2 using HMAC-SHA-1 (see [RFC2898]) with an iteration count of 1024.
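
Steps 1, 3 and 4 as an added Python example (not code from the original page or from OpenOffice): it reads the per-file salt and initialization vector from a manifest and derives the 128-bit file key. Assumptions: the attribute names follow the ODF manifest schema, the password is hashed as UTF-8, and the sample manifest, salt, IV and password are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"

# Constructed values (not from a real document): 8-byte IV, 16-byte salt.
SAMPLE_IV = base64.b64encode(bytes(range(8))).decode()
SAMPLE_SALT = base64.b64encode(bytes(range(16, 32))).decode()

# Constructed META-INF/manifest.xml, trimmed to the attributes read below.
SAMPLE_MANIFEST = f"""<manifest:manifest xmlns:manifest="{NS}">
  <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
    <manifest:encryption-data>
      <manifest:algorithm manifest:initialisation-vector="{SAMPLE_IV}"/>
      <manifest:key-derivation manifest:key-derivation-name="PBKDF2"
          manifest:salt="{SAMPLE_SALT}" manifest:iteration-count="1024"/>
    </manifest:encryption-data>
  </manifest:file-entry>
  <manifest:file-entry manifest:full-path="mimetype" manifest:media-type="text/plain"/>
</manifest:manifest>"""


def encryption_params(manifest_xml):
    """Map each encrypted entry's path to (salt, iv, iteration_count)."""
    params = {}
    for entry in ET.fromstring(manifest_xml).iter(f"{{{NS}}}file-entry"):
        kd = entry.find(f".//{{{NS}}}key-derivation")
        alg = entry.find(f".//{{{NS}}}algorithm")
        if kd is None or alg is None:
            continue  # no encryption-data: the entry is stored in the clear
        params[entry.get(f"{{{NS}}}full-path")] = (
            base64.b64decode(kd.get(f"{{{NS}}}salt")),
            base64.b64decode(alg.get(f"{{{NS}}}initialisation-vector")),
            int(kd.get(f"{{{NS}}}iteration-count")),
        )
    return params


def derive_file_key(password, salt, iterations=1024):
    """Step 1 (SHA1 of the password) followed by step 4 (PBKDF2-HMAC-SHA1)."""
    start_key = hashlib.sha1(password.encode("utf-8")).digest()  # 20 bytes
    return hashlib.pbkdf2_hmac("sha1", start_key, salt, iterations, dklen=16)


if __name__ == "__main__":
    for path, (salt, iv, count) in encryption_params(SAMPLE_MANIFEST).items():
        key = derive_file_key("constructed-password", salt, count)
        print(path, "iv:", iv.hex(), "key:", key.hex())
```

Because the salt differs per file, the same password yields a different key for each entry in the archive.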