A Microsoft encryption flaw similar to one
first reported back in 1998 in Windows NT
has resurfaced in recent versions of Microsoft Office
, rendering the password feature in Word and Excel open to hacking. According to Hongjun Wu
, a cryptographer at the Institute of Infocomm Research in Singapore, it is possible to compare two password-protected Word or Excel drafts and discern the original password. Microsoft says this is a minor vulnerability, but security experts disagree: weak password protection is sometimes worse than no password protection. Weak password protection gives the illusion that you are safe when you are not.
Weak password protection gives the illusion that you are safe when you are not.
Microsoft uses a 128-bit RC4-based encryption scheme in all versions of its Microsoft Office system. For example, if you change just one word in the document, Microsoft uses the same key and initialization vector in the edited draft (which is bad). Thus, you could look at your corporate network, find two password-protected documents, one the original and the other an edited version, then use these two to derive the password, thereby unlocking the document and exposing its contents.
Keys in a stream
There are a couple of ways to approach encryption, and one of them is known as a stream cipher. A stream cipher uses a randomly generated string of bits called a keystream. There are two types of keystreams: synchronous, where the keystream is independent of the plain text and cipher text, or self-synchronizing, where the keystream is dependent on the plain text and its encryption. Most stream ciphers these days are synchronous.
One-time pads used in World War II
The thinking behind stream ciphers comes from one-time pads, which use codes made up entirely at random and were distributed in wartime (one-time pads were recently made famous by Neal Stephenson's World War II novel Cryptonomicon, although they date back several centuries). The trick is to distribute copies of the one-time pads to the soldiers in the field. Whenever a new document was encoded at the headquarters, the first bits told the soldiers which one-time pad to use to decipher it. One-time pads, because of their purely random codes, are still considered very secure. You can see how the stream cipher attempts to re-create that with its random keys.
With or without this vulnerability, Microsoft Office passwords are relatively easy to crack.
One of the most common stream ciphers in use, although it is not considered an encryption standard today, is RC4. Developed in the mid-1990s by Ron Rivest (the R in RSA Security), RC4 has been since been cracked by several security experts under certain conditions. Increasing the password key length from 64 bits to 128 bits improves matters, but there remain other, stronger encryption methods, such as AES.
Microsoft's weak security
With or without this vulnerability, Microsoft Office passwords are relatively easy to crack. A Russian company, Elcomsoft, sells application-specific password-recovery software--you know, for those times when you locked a file in Word but can't remember the password. Ostensibly the tool is marketed for system administrators to test the security of passwords used on Office documents, but since just about everything these days has both a legit reason to exist and an illegitimate reason, I'll let you use your own imagination as to who's really using these apps and why. Microsoft does offer a full knowledge base article detailing the limits on password protection available within Office documents.
If your business depends on secure Word or Excel documents, particularly if you need to send them to clients, I recommend avoiding Microsoft's encryption all together. I'd compress and encrypt them with WinZip or PKZip. The security within these apps is much better, although it does require that both parties use the required software to open the secured documents.
Do you currently use Microsoft's passwords on Word or Excel documents? Why or why not? Talk back to me.