Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Nov 2012 00:40:47 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Office <=2003 format


On 31 Oct, 2012, at 2:55 , Rich Rumble <richrumble@...il.com> wrote:

> On Tue, Oct 30, 2012 at 8:02 PM, magnum <john.magnum@...hmail.com> wrote:
>> I am considering implementing oldoffice in OpenCL. This will be easy enough
>> but I would prefer splitting it into two different formats - one for MD5 and
>> another for SHA1. But what would I call them? When did they switch to SHA1?
>> It seems all Office 2003 test files are using SHA1.
> That's right, it changed in (office)2003 to a more secure default. The
> rounds changed between 2007 and 2010 I believe (from 1k to 50k).
> http://blogs.msdn.com/b/david_leblanc/archive/2008/07/03/office-crypto-follies.aspx

Funny reading. OK so our "oldoffice" format handles versions between and including Office 97 and Office 2003. This is (counting actual digest calls, not "updates") either 9 x MD5 + RC4 decryption of 32 bytes, or 3 x SHA1 + RC4 decryption of 36 bytes. Maybe the latter is Office 2003?

Office 2007 defaults to 50004 x SHA1, then AES128 and a final SHA1.

Office 2010 is very similar but defaults to 100000 rounds of SHA1 (plus 4 outside the loop). Some other minor details are changed too.

Office 2013 is exactly like Office 2010, except it uses SHA-512.

> I'd call the old "weak" encryption MS_OFFICE_RC4, I think the md5 is
> the last part of the encryption and the RC4 the "main part" no? It's
> typically referred to as RC4

But it can be either MD5 + RC4 or SHA1 + MD4 so just saying RC4 is not enough.

> http://blogs.msdn.com//b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx
> It appears they change the crypto with SP's
> http://blogs.msdn.com//b/david_leblanc/archive/2009/05/20/office-2007-sp2-encryption-settings.aspx
> (I've not changed the defaults in those example files, I may add some :)
> http://blogs.msdn.com//b/david_leblanc/archive/2008/12/04/new-improved-office-crypto.aspx
> -rich


Good links. Thanks!

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ