Microsoft Office encryption poor?

By Derek Sooman on January 27, 2005, 2:09 PM
Is the encryption used in Microsoft Office almost useless? Possibly. Microsoft Office (specifically Word and Excel) uses an encryption called RC4, which according to researcher Hongjun Wu has a serious problem.

"The initialization vector remains the same when an encrypted document gets modified and saved. The consequence is that the same keystream is used to encrypt the different versions of a document and a lot of information could be retrieved from those encrypted files. If anyone has used the encryption in the Microsoft Office in the way similar to that described in this report, then it is time for him/her to assess the damage that has been caused." - Hongjun Wu.

Microsoft has said that they are unaware of any attacks exploiting the vulnerability, and that there is no cause for alarm. A spokesperson for the company claims that this issue poses a very low threat for customers. But that spokesperson also said that in some cases, an attacker may be able to read the contents of an encrypted file if multiple versions of that file are available to the attacker. Microsoft Office encryption is widely used throughout many modern enterprises.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.