Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Mar 2012 12:38:03 -0400
From: Rich Rumble <>
Subject: Re: Office passwords; testing of raw crypto keys; rainbow
 tables (was: Research ideas.)

On Fri, Mar 23, 2012 at 8:48 PM, Solar Designer <> wrote:
> Once again, to be clear, I do want simple support for the various Office
> files to be implemented - with testing of candidate passwords like JtR
> normally does - possibly under GSoC 2012.
>> I am also placing a tarball of various document's I've made using
>> various old and new office, and 3rd party office
>> (OpenOffice/LibreOffice etc) that are password protected. The file
>> names have the Cipher they were encrypted with and the password that
>> they were encrypted with. Something to note is that MS Office
>> truncates the 97-2000 40-bit RC4 encrypted passwords to 15 characters.
>> See the Readme files about the naming convention used in my tarball.
>> I've tested each of these files against the various free tools and two
>> I have paid for and have been able to recover using dictionaries and
>> or key exhaustion.
>> MS Office does offer more options of encryption, and I've also made
>> and tested these files also. These files that don't have "97-2000" in
>> the name must be brute-forced however, at least that is what everyone
>> else is doing :)
> Why don't you upload this to our wiki?
> Just include a note that these are not actually supported by JtR yet.
>> As far as more modern (default) encryption, 128-Bit AES is used on
>> Office 2007 and 2010.On a related note I believe the ODF spec uses
>> Blowfish/PBKDF2
> I previously posted this link:
Small correction, and it may just be pedantic, MS office (2007-10) are
OLE files when encrypted as opposed to being "Zip" files when not
encrypted. This is different than ODF formats whose container remains
a "Zip" regardless of encryption.
I doubt it makes much difference, but just in case.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.