Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Mar 2012 12:38:03 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Office passwords; testing of raw crypto keys; rainbow
 tables (was: Research ideas.)

On Fri, Mar 23, 2012 at 8:48 PM, Solar Designer <solar@...nwall.com> wrote:
> Once again, to be clear, I do want simple support for the various Office
> files to be implemented - with testing of candidate passwords like JtR
> normally does - possibly under GSoC 2012.
Excellent!
>
>> I am also placing a tarball of various document's I've made using
>> various old and new office, and 3rd party office
>> (OpenOffice/LibreOffice etc) that are password protected. The file
>> names have the Cipher they were encrypted with and the password that
>> they were encrypted with. Something to note is that MS Office
>> truncates the 97-2000 40-bit RC4 encrypted passwords to 15 characters.
>> See the Readme files about the naming convention used in my tarball.
>> I've tested each of these files against the various free tools and two
>> I have paid for and have been able to recover using dictionaries and
>> or key exhaustion.
>> MS Office does offer more options of encryption, and I've also made
>> and tested these files also. These files that don't have "97-2000" in
>> the name must be brute-forced however, at least that is what everyone
>> else is doing :)
>
> Why don't you upload this to our wiki?
>
> http://openwall.info/wiki/john/sample-non-hashes
Uploaded.
> Just include a note that these are not actually supported by JtR yet.
Done.
>> As far as more modern (default) encryption, 128-Bit AES is used on
>> Office 2007 and 2010.On a related note I believe the ODF spec uses
>> Blowfish/PBKDF2
>
> I previously posted this link:
>
> http://www.golubev.com/blog/?p=94
Small correction, and it may just be pedantic, MS office (2007-10) are
OLE files when encrypted as opposed to being "Zip" files when not
encrypted. This is different than ODF formats whose container remains
a "Zip" regardless of encryption.
http://msdn.microsoft.com/en-us/library/dd907883%28office.12%29.aspx#ctl00_MTCS_main_ctl05
http://code.google.com/p/ooxmlcrypto/
I doubt it makes much difference, but just in case.
-rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.