Weak/Broken: MS office encryption for Word & Excel

Printable View

January 21st, 2005, 04:37 AM
zencoder

Weak/Broken: MS office encryption for Word & Excel

Bruce Schneier mentioned this a few days ago, and while the topic of misusing an encryption protocol is not new, I feel it bears repeating.

Hongjun Wu of the Institute for Infocomm Research, Singapore has written an informative paper entitled The Misuse of RC4 in Microsoft Word and Excel. He pretty much sums up the whole point right there.

The distilled version is this: if you have two versions of an encrypted Word or Excel document, you can compare them to recover the data. This is done by XORing the two documents against each other and then using some basic pattern analysis. Not your typical script kiddie fare, but not too difficult either, if one applies some time and effort to learning a few skills.

Quote:

It's an amateur crypto mistake.

I like how Bruce put's it, and he's right. What is trully dissapointing is the fact that MS was stung by this before...5 years ago, with their NT Syskey encryption of the SAM. Two whole OS versions and god knows HOW many Office versions later, and this is still an issue? Someone in MS product development and engineering should be fired, IMNSHO.
January 21st, 2005, 11:44 AM
nihil

Well Zen~ since when have Microsoft done anything secure?................like the passwords in Win 9x? or the whole office suite?

My complaint is that they do not make the limitations clear. Their security prevents casual or inadvertent interception/interference, but is in no way real security.....................it never has been.

I remember getting this Access tool from Avionics Division.................a guy rang me up a few hours later and said "you will need the password" to which I replied "lager1664................can't you guys spell Kronenbourg?".......................he was not a happy bunny :D

It is the false sense of security that is the problem?
January 21st, 2005, 08:00 PM
mohaughn

I think it is moreso a misuse of the product. I've read many security policies and most of them say that sensitive/secure data needs to be encrypted. But I've never seen one that said MS Office encryption is the encryption to use. Now, most policies insist on 256bit AES or higher encryption for documents. Definitely not what MS Office is giving. I guess it really comes down to how secure is the product and how secure is it marketed.. I've never seen an MS document that says you can use MS Office encryption to secure government secrets. It's just not what the product was designed for.

If you are using MS Office to secure something that is worth the time of a cracker to find another encrypted copy and work through this, then you are not doing your job properly.

Does Word really need to do 256 AES encryption when there are so many other tools that do it so well? Word isn't a security product, it is a word processor. Leave the encryption to true encryption packages. It just amazes me that the experts in the field still love to find products that are not intended for secure use and then bash them. I guess they have to keep their name in the media somehow.

I just checked the MS Office 2k3 help file and this is what it says- "Note Requiring a password to modify a file does not encrypt the contents of the file."

So why the hell are these guys even writing the articles when the product documentation says it is not really encrypting the contents??????? The help file doesn't make a distinction between the weak XOR that is default and the MS Strong encryption that they used in this article, but either way. I'm not going to use a product for security purposes when the help file clearly says what I posted above.
January 21st, 2005, 08:30 PM
zencoder

Quote:

Originally posted here by mohaughn
I think it is moreso a misuse of the product.

How is it a misuse of the product? Microsoft sell's that product with one of the features being touted as the ability to protect a document from being opened (or modified...more on this below...) with a password.

It's not mis-use of the product...if anything, it's mis-representation of the products capabilities. If Ford-rolet designs, builds, and sells a car, advertising all its advantages including a "Big-Gulp sized cup holder", someone buys the car and puts a Big-Gulp in the cup holder, which then drops the cup and spills it on the new-car carpet and they get mad, is it reasonable to tell that person "you shouldn't be buying a car just for the cup holder!" It was advertised that way!

Quote:

Does Word really need to do 256 AES encryption when there are so many other tools that do it so well? Word isn't a security product, it is a word processor. Leave the encryption to true encryption packages. It just amazes me that the experts in the field still love to find products that are not intended for secure use and then bash them. I guess they have to keep their name in the media somehow.

No, I don't think many of us would legitimately argue with you that word needs 256bit AES to protect the documents. And yes, those in the know WOULD use one of the much better products, I'd think. But when Microsoft sells a product with "Security Features" they've built in, then it's not a matter of whether it "needs" the features...they're already there. And some companies are buying it because the spec sheet reflects these "features" exist.

Quote:

I just checked the MS Office 2k3 help file and this is what it says- "Note Requiring a password to modify a file does not encrypt the contents of the file."

So if we mark a document for modify-only-with-password, we shouldn't expect encryption? Thanks. Much appreciated. But I never did. Modify-only has *nothing* to do with encryption except the fact that they both use a password. We're talking about encrypting the whole document...i.e. password needed to open/view/read/print the document.

Quote:

So why the hell are these guys even writing the articles when the product documentation says it is not really encrypting the contents??????? The help file doesn't make a distinction between the weak XOR that is default and the MS Strong encryption that they used in this article, but either way. I'm not going to use a product for security purposes when the help file clearly says what I posted above.

Go back to my last statement. They are reviewing the use of an accepted and approved encryption algorithm by the single most recognized software firm in the world in a product stated to have security features to protect the users content. The use of this algorith is incorrect, and this is the point of the article. If you really think this is about MS bashing, think again. It's about saying "this is done wrong", proving it, and opening discussion so the industry can learn from this mistake. Will they learn from the mistake? That's another discussion.

/* edited for grammatical errors */
January 21st, 2005, 08:34 PM
zencoder

If you think these people are doing this simply to justify their own existence, you may be right. Go ahead, use that ROT13 encryption. It's safe...no need to have it tested by anyone outside the company selling you the software using it. Trust them.
January 21st, 2005, 11:47 PM
Double//Cut

M$ are notorious fundamental weak security.

But, if you only rely on certain security features, and not their whole suite, then your just as bad as the employees at M$...

If you have a document you dont want others to see, use NTFS permissions along with encrypting the file via Office/PGP, etc etc

Win9X Security was pretty pathetic, but once you really hacked it up, it became alot more secure.
February 5th, 2005, 07:02 PM
mohaughn

Quote:

How is it a misuse of the product? Microsoft sell's that product with one of the features being touted as the ability to protect a document from being opened (or modified...more on this below...) with a password.

So you expect a file to be read only or hidden just because you check the file attribute box that says so? Where is the news article blasting MS for having such weak security that you can simply run attrib or change the attributes through the GUI??? It is non-news. These experts are just publishing this kind of stuff to keep their names in the media. It is FUD reporting, and we don't need it.

It is the responsibility of the user to understand how secure the product is and make sure that the security of the product matches up with the desired security of the content they are trying to protect.
February 5th, 2005, 07:22 PM
bigb

Quote:

It is the responsibility of the user to understand how secure the product is and make sure that the security of the product matches up with the desired security of the content they are trying to protect.

I agree.

I tend not to look at the protections provided by M$ as the end all (imagine that). It's just naive practice. But, if you look at it as an additional layer, it's certainly has merit. Security, after all, is something that needs to be dealt with in various layers. Obviously, if somthing is worth cracking, it's worth the consideration of multiple security layers. Using the password feature is a good (not to mention minimally intrusive) added step.