Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Mar 2012 18:37:17 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: GSoC non-hash office documents

On Wed, Mar 28, 2012 at 1:23 PM, Mike Wing <mvwing@...il.com> wrote:
> Hi
>
> I'm rather interested in working on some of the non-hashes for
> GSoC. Specifically the Office  ones that popped up recently. Just doing
> a rudimentary search, the MS office format (up to 2003) using XOR and RC4
> appears to be fairly compromised and exploitable as outlined in this
> paper http://eprint.iacr.org/2005/007.pdf. And this has been
> further developed by a french researcher (here:
> http://www.esiea-recherche.eu/data/filiol_pacsec.pdf). I would like to work
> on bringing these features to JtR.
These papers are mainly about RC4 key stream reuse related to earlier
versions of the same files. While this is all well and good this is
not how JtR operates :) I'd love to see RC4 in GPU/CPU which could be
more like JtR.
These two blog posts should illustrate:
http://blogs.msdn.com/b/david_leblanc/archive/2008/07/03/office-crypto-follies.aspx
http://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx
The last one references the work from 2004 of  Hongjun Wu
(http://eprint.iacr.org/2005/007.pdf)
-rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.