'Serious' Microsoft Office Encryption Flaw Uncovered
Cryptography expert Phil Zimmermann says he believes a flaw recently discovered in Microsoft Office's Word and Excel encryption is serious and warrants immediate attention.
Source: PC World
"I think this is a serious flaw--it is highly exploitable. It is not a theoretical attack," says Zimmermann, referring to a flaw in Microsoft's use of RC4 document encryption unearthed recently by a researcher in Singapore.
Zimmermann is best known as the creator of Pretty Good Privacy, a desktop encryption program so powerful that U.S. authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. The case was abandoned in 1996.
The problem relates to the way Microsoft's applications implement the 128-bit RC4 encryption algorithm when resaving documents after their initial creation. In this situation the programs apparently use the same password key and initialization vectors to encrypt different versions of the same document. Normally, where the same password key is being used, a different initialization vector should be used for each encryption.
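Why reusing the key and initialization vector matters for a stream cipher such as RC4, as an added example that is not code from the article or from Microsoft: both saves are XORed with the same keystream, so the keystream cancels when the two ciphertexts are XORed together. The `derive_key` function is an assumed stand-in, not Office's actual key derivation, and the password and document text are constructed sample data.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def derive_key(password: str, iv: bytes) -> bytes:
    # Assumption: stand-in derivation (hash of IV || password, cut to 128 bits).
    return hashlib.sha256(iv + password.encode()).digest()[:16]

def save(password: str, iv: bytes, plaintext: bytes) -> bytes:
    return rc4(derive_key(password, iv), plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def changed_offsets(c1: bytes, c2: bytes) -> list:
    """Byte positions where two ciphertexts differ."""
    return [i for i, (x, y) in enumerate(zip(c1, c2)) if x != y]

# Constructed sample data: two versions of one document, same password.
PASSWORD = "correct horse"
V1 = b"Q3 forecast: revenue 1,200,000; headcount 40"
V2 = b"Q3 forecast: revenue 1,950,000; headcount 52"

def resave(reuse_iv: bool):
    """Encrypt V1 then V2, either reusing the IV (the flaw) or drawing a fresh one."""
    iv1 = os.urandom(16)
    iv2 = iv1 if reuse_iv else os.urandom(16)
    return save(PASSWORD, iv1, V1), save(PASSWORD, iv2, V2)

if __name__ == "__main__":
    for reuse in (True, False):
        c1, c2 = resave(reuse)
        print("IV reused:", reuse,
              "| ciphertext XOR equals plaintext XOR:", xor(c1, c2) == xor(V1, V2),
              "| differing offsets:", len(changed_offsets(c1, c2)))
```

With the IV reused, the ciphertexts differ only at the bytes that were edited between saves; with a fresh IV per save they differ almost everywhere and their XOR no longer equals the XOR of the plaintexts.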