Date: Wed, 28 Mar 2012 18:37:17 -0400 From: Rich Rumble <richrumble@...il.com> To: john-dev@...ts.openwall.com Subject: Re: GSoC non-hash office documents On Wed, Mar 28, 2012 at 1:23 PM, Mike Wing <mvwing@...il.com> wrote: > Hi > > I'm rather interested in working on some of the non-hashes for > GSoC. Specifically the Office ones that popped up recently. Just doing > a rudimentary search, the MS office format (up to 2003) using XOR and RC4 > appears to be fairly compromised and exploitable as outlined in this > paper http://eprint.iacr.org/2005/007.pdf. And this has been > further developed by a french researcher (here: > http://www.esiea-recherche.eu/data/filiol_pacsec.pdf). I would like to work > on bringing these features to JtR. These papers are mainly about RC4 key stream reuse related to earlier versions of the same files. While this is all well and good this is not how JtR operates :) I'd love to see RC4 in GPU/CPU which could be more like JtR. These two blog posts should illustrate: http://blogs.msdn.com/b/david_leblanc/archive/2008/07/03/office-crypto-follies.aspx http://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx The last one references the work from 2004 of Hongjun Wu (http://eprint.iacr.org/2005/007.pdf) -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.