Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

MS Office encryption flaw uncovered

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » DU Groups » Computers & Internet » Open Source and Free Software Group Donate to DU
 
Renew Deal Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Jan-19-05 03:24 PM
Original message
MS Office encryption flaw uncovered
Flaw is believed to affect all current versions of Office

By John E. Dunn, Techworld.com
January 19, 2005

A researcher has uncovered what is claimed to be a “serious” flaw in the way Microsoft (Profile, Products, Articles) implements document encryption in Word and Excel.

The problem relates to the way Microsoft implements the 128-bit RC4 encryption algorithm when re-saving documents after their initial creation. In this situation it appears that the programs use the same password key and initialization vectors to encrypt different versions of the same document. Normally where the same password key is being used, different vectors should be used.

The problem emerged from detailed investigation by Hongjun Wu of the Institute of Infocomm Research in Singapore and has been dissected by him in a new paper, “The Misuse of RC4 in Microsoft Word and Excel”.

The flaw, which is believed to affect all current versions of the Office programs named, sounds highly technical but Wu describes a number of everyday scenarios where it would seriously undermine document security. One likely compromise was where two co-workers edited successive versions of a document where the password remained constant.
<snip>

http://www.infoworld.com/article/05/01/19/HNmsofficeflaw_1.html?source=NLC-TB2005-01-19
Refresh | 0 Recommendations Printer Friendly | Permalink | Reply | Top
WannaJumpMyScooter Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Jan-20-05 01:03 AM
Response to Original message
1. Security and Micro$oft in the same sentance? And this suprises, us
how?
Printer Friendly | Permalink | Reply | Top
 
Renew Deal Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Jan-27-05 02:32 PM
Response to Original message
2. A followup
CRYPTO EXPERT: MICROSOFT WORD, EXCEL FLAW IS SERIOUS

Cryptography expert Phil Zimmermann has said he believes the flaw discovered in Microsoft's Word and Excel encryption is serious and warrants immediate attention.

http://newsletter.infoworld.com/t?ctl=B38F56:1F5CC8F
Printer Friendly | Permalink | Reply | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Sun Dec 22nd 2024, 08:57 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » DU Groups » Computers & Internet » Open Source and Free Software Group Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC