Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 2 Sep 2012 12:52:02 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: oldoffice

On Sun, Sep 2, 2012 at 11:16 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Sun, Sep 2, 2012 at 8:34 PM, magnum <john.magnum@...hmail.com> wrote:
>> You should set FMT_UNICODE in the oldoffice format. Also, you might want to use the full Unicode conversion functions (I think you do in the office 2007+ format) and set FMT_UTF8 too. Perhaps you already planned this?
>
> I will add it to my TODO list. Thanks!
>
> I will get back to this task after writing a cracker for STRIP Password Manager.
>
>> BTW, did they use some other encryption between Office 2003 and 2007? Is support for that planned too? Maybe I missed some discussion on the lists.
>
> I don't think there was any other encryption scheme which was used
> between Office 2003 and 2007.
Since Office XP they supported other Cipher Types and longer keys
(128bit I think); the default was the 40-bit RC4 until office 2003
http://blogs.msdn.com/b/david_leblanc/archive/2008/07/03/office-crypto-follies.aspx
I previously outlined and linked to some of this data previously:
http://www.openwall.com/lists/john-dev/2012/03/23/17
I created one of each type (if not more?) using each of the office
suites I could get a hold of. I did not use any Mac/Apple office
suites, but I did attempt to use all the windows office suites. I only
created Excel and Word doc's, I did not do Power Point or Access DB's.
The samples I believe are on the wiki now
http://openwall.info/wiki/john/sample-non-hashes. Something to note,
is the password could be longer than what office will accept in some
cases, so I believe 15 characters is the max those cases.
-rich

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ