“The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.
The problem arises because Microsoft programmers did not implement the encryption correctly in its Office applications, Hongjun Wu, a cryptographer at the Institute of Infocomm Research in Singapore, wrote in a paper on the topic.
‘A lot of information could be retrieved from those encrypted files,’ Wu said in the paper. ‘If anyone has used the encryption in Microsoft Office...then it is time for him/her to assess the damage that has been caused.’
The current issue is almost identical to the weak system key issue in 1999, said Bruce Schneier, chief technology officer of Counterpane Internet Security and author of "Applied Cryptography."
"This is a kindergarten crypto mistake," Schneier said. "And to make it twice is worse."
Schneier, who wrote about the issue on his blog earlier this week, hammered at Microsoft for not learning from past mistakes.
Microsoft RC4 Flaw
One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques.
The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document.
Microsoft uses the RC4 stream cipher in both Word and Excel. And they make this mistake. Hongjun Wu has details (link is a PDF).
In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 [9] with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily.
This isn't new. Microsoft made the same mistake in 1999 with RC4 in WinNT Syskey. Five years later, Microsoft has the same flaw in other products.”
http://www.schneier.com/blog/archives/2005/01/microsoft_rc4_f.html
http://eprint.iacr.org/2005/007.pdf
http://news.zdnet.com/2100-1009_22-5543940.html?tag=nl.e589
Posts
No comments:
Post a Comment