Īttacks that target the password include dictionary attack, rule-based attack, brute-force attack, mask attack and statistics-based attack. Office 2016 (Access, Excel, OneNote, PowerPoint, Project, and Word) uses 256-bit AES, the SHA-1 hash algorithm, 16 bytes of salt and CBC ( Cipher Block Chaining) by default.
Office 2013 introduces SHA-512 hashes in the encryption algorithm, making brute-force and rainbow table attacks slower.
Office 2013 (Access, Excel, OneNote, PowerPoint, Project, and Word) uses 128-bit AES, again with hash algorithm SHA-1 by default. With the help of the SHA-1 hash function, the password is stretched into a 128-bit key 50,000 times before opening the document as a result, the time required to crack it is vastly increased, similar to PBKDF2, scrypt or other KDFs.Įxcel and Word 2010 employed AES and a 128-bit key, but the number of SHA-1 conversions doubled to 100,000. At present there is no software that can break this encryption. In Office 2007 (Word, Excel and PowerPoint), protection was significantly enhanced since a modern protection algorithm named Advanced Encryption Standard was used. Weak passwords can still be recovered quickly even if a custom CSP is on. Choosing a non-standard Cryptographic Service Provider allows increasing the key length. In Office XP and 2003 an opportunity to use a custom protection algorithm was added. The protection presents no difficulties to hacking software. The Office-algorithm contains multiple vulnerabilities rendering it insecure. Office 97, 2000, XP and 2003 use RC4 with 40 bits. They can be cracked instantly with the help of precomputation tables. Because it's only like a Vigenere Cipher. Hacking software is now readily available to find a 16-byte key and decrypt the password-protected document. In Excel and Word 95 and prior editions a weak protection algorithm is used that converts a password to a 16-bit verifier and a 16-byte XOR obfuscation array key. History of Office Encryption Weak encryptions In Excel passwords restrict modification of the workbook, a worksheet within it, or individual elements in the worksheet.In Word and PowerPoint the password restricts modification of the entire document.Passwords that do not encrypt, but restrict modification.If the password can be determined through social engineering, the underlying cipher is not important. Since Office 2007 they are hard to break, if a sufficient complex password was chosen. This is possible in all Microsoft Office applications. A password to encrypt a document restricts opening and viewing it.There are two groups of passwords that can be set to a document: Microsoft Office password protection is a security feature to protect Microsoft Office documents (Word, Excel, PowerPoint) with a user-provided password.
0 kommentar(er)
