{"id":93,"date":"2005-01-20T05:27:03","date_gmt":"2005-01-20T02:27:03","guid":{"rendered":"http:\/\/void.gr\/kargig\/blog\/?p=93"},"modified":"2005-01-20T05:33:31","modified_gmt":"2005-01-20T02:33:31","slug":"the-misuse-of-rc4-in-microsoft-word-and-excel","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2005\/01\/20\/the-misuse-of-rc4-in-microsoft-word-and-excel\/","title":{"rendered":"The Misuse of RC4 in Microsoft Word and Excel"},"content":{"rendered":"<p>There&#8217;s a nice <a href=\"http:\/\/eprint.iacr.org\/2005\/007.pdf\">pdf<\/a> around that explains how stupid can sometimes programmers or companies be. And that of course affects the(ir) users.<br \/>\nMS supports encryption in word and excel documents (wowZ!) but hey&#8230;do they do it &#8220;properly&#8221; ? Of course not&#8230;so people end up believing that they are safe&#8230;when in fact they are just wide open to attackers.<\/p>\n<blockquote><p>Abstract. In this report, we point out a serious security flaw in Microsoft<br \/>\nWord and Excel. The stream cipher RC4 [9] with key length up<br \/>\nto 128 bits is used in MicrosoftWord and Excel to protect the documents.<br \/>\nBut when an encrypted document gets modified and saved, the initialization<br \/>\nvector remains the same and thus the same keystream generated<br \/>\nfrom RC4 is applied to encrypt the different versions of that document.<br \/>\nThe consequence is disastrous since a lot of information of the document<br \/>\ncould be recovered easily.<\/p><\/blockquote>\n<p>This analysis is pretty well written and explains a lot of stuff in a step by step mode. Give your self the chance to find out how you must learn not to trust anyone who provides you &#8220;security&#8221; and &#8220;encryption&#8221; services. <\/p>\n<p>Go  GO GOOOOOO MS! You did it again!<\/p>\n<p>Looks like RC4 isn&#8217;t Microsoft&#8217;s favorite algorithm&#8230;http:\/\/seclists.org\/lists\/bugtraq\/1995\/Dec\/0004.html<br \/>\nAre they SO dumb ? or do they do it on purpose? <\/p>\n","protected":false},"excerpt":{"rendered":"<p>There&#8217;s a nice pdf around that explains how stupid can sometimes programmers or companies be. And that of course affects the(ir) users. MS supports encryption in word and excel documents (wowZ!) but hey&#8230;do they do it &#8220;properly&#8221; ? Of course not&#8230;so people end up believing that they are safe&#8230;when in fact they are just wide [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-93","post","type-post","status-publish","format-standard","hentry","category-general"],"aioseo_notices":[],"views":3303,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/93\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}