Date: Tue, 27 Mar 2012 12:38:03 -0400 From: Rich Rumble <richrumble@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Office passwords; testing of raw crypto keys; rainbow tables (was: Research ideas.) On Fri, Mar 23, 2012 at 8:48 PM, Solar Designer <solar@...nwall.com> wrote: > Once again, to be clear, I do want simple support for the various Office > files to be implemented - with testing of candidate passwords like JtR > normally does - possibly under GSoC 2012. Excellent! > >> I am also placing a tarball of various document's I've made using >> various old and new office, and 3rd party office >> (OpenOffice/LibreOffice etc) that are password protected. The file >> names have the Cipher they were encrypted with and the password that >> they were encrypted with. Something to note is that MS Office >> truncates the 97-2000 40-bit RC4 encrypted passwords to 15 characters. >> See the Readme files about the naming convention used in my tarball. >> I've tested each of these files against the various free tools and two >> I have paid for and have been able to recover using dictionaries and >> or key exhaustion. >> MS Office does offer more options of encryption, and I've also made >> and tested these files also. These files that don't have "97-2000" in >> the name must be brute-forced however, at least that is what everyone >> else is doing :) > > Why don't you upload this to our wiki? > > http://openwall.info/wiki/john/sample-non-hashes Uploaded. > Just include a note that these are not actually supported by JtR yet. Done. >> As far as more modern (default) encryption, 128-Bit AES is used on >> Office 2007 and 2010.On a related note I believe the ODF spec uses >> Blowfish/PBKDF2 > > I previously posted this link: > > http://www.golubev.com/blog/?p=94 Small correction, and it may just be pedantic, MS office (2007-10) are OLE files when encrypted as opposed to being "Zip" files when not encrypted. This is different than ODF formats whose container remains a "Zip" regardless of encryption. http://msdn.microsoft.com/en-us/library/dd907883%28office.12%29.aspx#ctl00_MTCS_main_ctl05 http://code.google.com/p/ooxmlcrypto/ I doubt it makes much difference, but just in case. -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.