Presentation on Black Hat Windows 2000 Security Conference Analysis of Microsoft Office password protection system, and survey.

Presentation on Black Hat Windows 2000 Security Conference Analysis of Microsoft Office password protection system, and survey of encryption holes in other MS Windows applications

Analysis of Microsoft Office password protection system
1. Key principles of data password protection
2. Passwords in Microsoft Word 97/2000
3. Passwords in Microsoft Excel 97/2000
4. VBA Macros protection
5. Microsoft Outlook personal storage files
6. French version of MS Office – strong crypto prohibition
7. Old versions of MS Office applications
8. Protection recommendations

Key principles of data password protection
1. Key is stored within the document. When someone attempts to open the document, the program checks whether the key entered is the same as the stored one. If the key doesn’t match, the program locks further processing of the document.
2. A key hash is stored within the document. "A hash function is a function, mathematical or otherwise, that takes a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string (called a hash value)." (Bruce Schneier). When this method is employed, a key entered by a user is transformed into a data string of fixed length used to verify the key, but that string cannot be used to retrieve the key itself.
3. A key is used to encrypt the document with a certain algorithm. The protection reliability depends only on the reliability of the algorithm and the length of the key.

Passwords in Microsoft Word 97/2000
Write protection password. This password is stored inside the document. You can see it using any HEX-viewer.
Document protection password. Password hash is stored in the document. Hash length is only 32 bits. We can change this password to any other one, or disable it (replace with a hash of an empty string).
Password to open. When this password is set, the entire Word document (including a part of auxiliary information) is encrypted with the RC4 algorithm (stream cipher). 128-bit long hash formed with the MD5 algorithm is used for password verification. Encryption key is 40-bit long, because state regulations of many countries don’t allow using stronger crypto.
Applications for password recovery: Advanced Office 2000 Password Recovery

Passwords in Microsoft Excel 97/2000
Write protection password. This password is stored inside the document. You can see it using any HEX-viewer.
Document protection password. Password hash is stored in the document. Hash length is only 32 bits. We can change this password to any other one, or disable it (replace with a hash of an empty string).
Password to open. When this password is set, the entire Word document (including a part of auxiliary information) is encrypted with the RC4 algorithm (stream cipher). 128-bit long hash formed with the MD5 algorithm is used for password verification. Encryption key is 40-bit long, because state regulations of many countries don’t allow using stronger crypto.
Book and Sheet password. When an Excel Sheet is being protected with a password, a 16-bit (two byte) long hash is generated. Book protection is somewhat more sophisticated. Hash generation algorithm is the same as with sheet protection, however, a whole document is being encrypted. Password for encryption is “VelvetSweatshop”.
Applications for password recovery: Advanced Office 2000 Password Recovery
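The 16-bit and 32-bit verifiers described in these slides are small enough that unrelated strings pass the same check. The following is an added example, not code from the presentation: it uses SHA-256 truncated to `bits` bits as a stand-in verifier (an assumption; Office's own hash functions are not shown on this page) and counts how many constructed candidate strings are tried before one is accepted in place of the real password.

```python
import hashlib


def verifier(password: str, bits: int) -> int:
    """Stand-in verifier (assumption): the top `bits` bits of SHA-256.

    Office 97/2000 uses its own hash functions; only the output width
    matters for this demonstration.
    """
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def check(password: str, stored: int, bits: int) -> bool:
    """What the application does: hash the entry, compare with the stored value."""
    return verifier(password, bits) == stored


def find_alias(original: str, bits: int, limit: int = 5_000_000):
    """Return (alias, tries): the first constructed string, different from
    `original`, that the verifier accepts, and how many were tried."""
    stored = verifier(original, bits)
    for tries in range(1, limit + 1):
        candidate = f"candidate-{tries}"  # constructed test strings
        if candidate != original and check(candidate, stored, bits):
            return candidate, tries
    raise RuntimeError("no alias found within the limit")


def expected_tries(bits: int) -> int:
    """Average number of random guesses needed to hit one specific value."""
    return 2 ** bits


if __name__ == "__main__":
    password = "fO7#s!kP4x*a"  # sample password from the recommendations slide
    alias, tries = find_alias(password, 16)
    print(f"16-bit verifier also accepts {alias!r} (found after {tries} tries)")
    print("same alias against a 128-bit verifier:",
          check(alias, verifier(password, 128), 128))
    for bits in (16, 32, 128):
        print(f"{bits:>3}-bit verifier: about {expected_tries(bits):.3e} guesses")
```

The strength of the chosen password plays no part in the result: the width of the stored value sets the ceiling.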

VBA Macros protection
Office 97: Passwords are stored almost in their original form – a very simple encryption algorithm is being used. These passwords can be recovered or changed/removed instantly.
Office 2000: Windows CryptoAPI is being used. Password hash is generated with SHA algorithm. These passwords can be recovered by brute-force or dictionary attacks only; however, they can be changed or removed.
Applications for password recovery: Advanced Office 2000 Password Recovery, Advanced VBA Password Recovery

Microsoft Outlook Personal Storage files
This application allows protecting user’s personal data stored in *.pst files (Personal Storage Files) with a password. Protection of user’s personal information and of his/her personal correspondence is a very important factor to be taken into account when developing a general concept of information protection. However, Microsoft is using a very simple and unstable algorithm here as well. Password hash is generated with CRC-32 algorithm (32-bit check sum). It has been proven that a 6-character input data array (non-printable characters not included) can be found for any check sum. So, password retrieval turns out to be a trivial task.
Applications for password recovery: Advanced Office 2000 Password Recovery, Advanced Outlook Password Recovery
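A check sum is not a password hash, and the difference can be shown directly. The following is an added example, not code from the presentation: it uses `zlib.crc32` (the standard CRC-32; that the PST check sum uses the same parameters is an assumption) to show that CRC-32 is predictable under XOR while a cryptographic hash is not, and then shows a salted, iterated verifier as the corrected form. The sample strings and the iteration count are illustrative choices.

```python
import hashlib
import hmac
import os
import zlib


def xor3(a: bytes, b: bytes, c: bytes) -> bytes:
    """XOR three equal-length byte strings together."""
    if not len(a) == len(b) == len(c):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))


def crc_relation_holds(a: bytes, b: bytes, c: bytes) -> bool:
    """CRC-32 is affine over XOR: the check sum of a^b^c is fully
    determined by the check sums of a, b and c (equal-length inputs)."""
    return zlib.crc32(xor3(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def sha_relation_holds(a: bytes, b: bytes, c: bytes) -> bool:
    """The same test against 32 bits of SHA-256, which has no such structure."""
    def h32(data: bytes) -> int:
        return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return h32(xor3(a, b, c)) == h32(a) ^ h32(b) ^ h32(c)


def store_password(password: str, iterations: int = 600_000):
    """Corrected form: random salt plus PBKDF2-HMAC-SHA256.
    The iteration count is an illustrative value, not one from the page."""
    salt = os.urandom(16)
    tag = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, tag, iterations


def verify_password(password: str, record) -> bool:
    """Recompute the tag with the stored salt and compare in constant time."""
    salt, tag, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, tag)


if __name__ == "__main__":
    a, b, c = b"Passw0rd", b"letmein!", b"qwerty12"  # constructed samples
    print("CRC-32 relation holds: ", crc_relation_holds(a, b, c))
    print("SHA-256 relation holds:", sha_relation_holds(a, b, c))
    record = store_password("fO7#s!kP4x*a")
    print("PBKDF2 verify, right password:", verify_password("fO7#s!kP4x*a", record))
    print("PBKDF2 verify, wrong password:", verify_password("fO7#s!kP4x*b", record))
```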

French versions of Microsoft Office
Strong cryptographic algorithms are banned in France. So, if MS Word or Excel document has been created (password-protected) on a computer with French regional settings, very simple encryption algorithm (XOR-based) is being used. A 16-byte sequence is generated from any password (we can also calculate the password from that sequence). If we know 16 bytes from source plaintext, then password recovery is trivial. In most cases, passwords for these files can be recovered instantly by means of statistical plaintext analysis.
Applications for password recovery: Advanced Office 2000 Password Recovery

Old versions of MS Office applications
Microsoft Word 2.0, 6.0 and 95 (7.0), Excel 4.0, 5.0 and 95 (7.0) are using an even less powerful encryption algorithm. To encrypt a document, an exclusive OR operation (XOR) with a sequence derived from the password is being used. As some (predictable) auxiliary information is encrypted, too, that sequence can be recovered. So, file open password in these Word and Excel versions can be retrieved in a fraction of a second.
Applications for password recovery: Advanced Office 2000 Password Recovery, Advanced Office 95 Password Recovery

Protection recommendations
Having read this text, many users will become unsure about entrusting their secrets to Microsoft software. The answer is very simple – use other software products to protect confidential information. For example, one can use the reputable, thoroughly tested Pretty Good Privacy (PGP) software. It is based on a well-known mathematical problem – factorization of a very large number into prime numbers. There is no known (analytical) solution of this problem, and exhaustion of all possible combinations will take forever – even with state-of-the-art machines.
If you decide to protect your document with a password (to set a file open password in Word or Excel) anyway, choose a complicated one. Avoid using words from a dictionary, or your name/surname as a password. Your password should consist of letters (both upper- and lower-case), numbers, and special symbols. You can also use symbols from your national alphabet. A secure password might look like this: “fO7#s!kP4x*a”. However, please note that with today’s computers, decrypting your document won’t take longer than a few days (or even hours on a LAN).

Other Windows applications
1. ZIP archiver, known-plaintext attack
2. ARJ archiver, very weak encryption
3. RAR archiver, strong crypto from Russia
4. Protection in Adobe Acrobat
5. Internet Explorer content advisor password
6. Database protection in Microsoft Money

ZIP archiver
This archiver allows setting an archive password. The whole archive is encrypted using a specific algorithm. Each password is converted to three 32-bit keys. Two famous cryptanalysts, Eli Biham and Paul Kocher, have analyzed this algorithm and found out that it’s possible to find the encryption keys by means of a known-plaintext attack. Only 12 bytes of plaintext are needed for keys recovery. Then, we can manually decrypt the whole archive using those encryption keys. If we don’t have any plaintext, it’s possible to recover a password using brute-force or dictionary attacks (which could be implemented very effectively on modern CPUs).

Brute force speed analysis for ZIP (for P-II 350 CPU)
Charset                        Length   Passwords          Time
All printable                  1..5     7,820,126,720      65 minutes
Digits, small/capital, space   6        62,523,502,592     9 hours
Digits, small letters, space   7        94,931,877,888     13 hours
Digits                                  ,100,002,304       15,5 hours
Small letters, space           8        282,429,521,920    ~1,5 days

Applications for password recovery: Advanced Archive Password Recovery, Advanced ZIP Password Recovery

ARJ archiver
A very simple and weak encryption algorithm is used in this archiver. “Exclusive OR” logical operation is performed on the archive contents. The second argument in this operation is a password. Of course, we can use a known-plaintext attack, or just a brute-force approach if the archive contents are unknown. But in the latest versions of ARJ strong encryption (GOST algorithm) is available as an option.
Applications for password recovery: Advanced Archive Password Recovery, Advanced ARJ Password Recovery
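The XOR-based schemes described for the French Office versions, the old Word and Excel versions and ARJ share one weakness: any stretch of predictable plaintext exposes the sequence the data was XORed with. The following is an added example, not code from the presentation, showing this on a toy scheme. The 16-byte length follows the French-version slide; the derivation function, the header and the document text are constructed stand-ins, since the real derivations are not given on this page.

```python
import hashlib
from itertools import cycle

SEQ_LEN = 16  # the French-version slide mentions a 16-byte sequence


def derive_sequence(password: str) -> bytes:
    """Stand-in derivation (assumption): first 16 bytes of SHA-256.
    The real products derive their sequence differently."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:SEQ_LEN]


def xor_with_sequence(data: bytes, sequence: bytes) -> bytes:
    """Encrypts and decrypts alike: XOR with a repeating sequence is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(sequence)))


def sequence_from_known_plaintext(ciphertext: bytes, known: bytes, offset: int = 0) -> bytes:
    """Recover the repeating sequence from SEQ_LEN known plaintext bytes
    located at `offset` in the file. No password is involved."""
    window = ciphertext[offset:offset + SEQ_LEN]
    if len(known) < SEQ_LEN or len(window) < SEQ_LEN:
        raise ValueError(f"need {SEQ_LEN} bytes of known plaintext inside the file")
    leaked = bytes(c ^ p for c, p in zip(window, known))
    shift = offset % SEQ_LEN  # re-align to position 0 of the sequence
    return leaked[-shift:] + leaked[:-shift] if shift else leaked


# Constructed sample: a predictable 16-byte header followed by private text.
HEADER = b"DOCFILE-HEADER-1"
BODY = b"Q3 salary review: confidential draft"
DOCUMENT = HEADER + BODY

if __name__ == "__main__":
    sequence = derive_sequence("fO7#s!kP4x*a")  # strong password, weak scheme
    ciphertext = xor_with_sequence(DOCUMENT, sequence)
    recovered = sequence_from_known_plaintext(ciphertext, HEADER)
    print("sequence recovered from header:", recovered == sequence)
    print("body readable without password:",
          xor_with_sequence(ciphertext, recovered)[len(HEADER):])
```

Password complexity does not change the outcome, which is why the slides treat these formats as unprotected rather than weakly protected.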

RAR archiver
RAR archiver, developed by Eugene Roshal, uses a very strong encryption algorithm. Encryption key is 128 bits long. 256 bytes S-Box is derived from each key. S-Box operations are very complicated and slow. Known-plaintext attack is not possible at all. Only brute-force or dictionary attack can be used for password recovery. Recovery speed is very low; for example, we can test only about 4800 passwords per second on P-III 800.
Applications for password recovery: Advanced Archive Password Recovery, Advanced RAR Password Recovery

Passwords in Adobe Acrobat
Standard PDF security. Protected PDF document has two passwords: an owner password and a user password. The document also specifies operations that should be restricted even when the document is decrypted: printing; copying text and graphics out of the document; modifying the document; and adding or modifying text notes and AcroForm fields.
Password types. When the correct user password is supplied, the document is opened and decrypted but these operations are restricted; when the owner password is supplied, all operations are allowed. The owner password is required to change these passwords and restrictions.
Encryption key. Protected PDF document is encrypted with the RC4 algorithm. Encryption key length is 40 bits. Key is calculated from the user password. Knowing the owner password allows calculation of the user password and therefore the encryption key. All restrictions are enforced by software, not by PDF format itself.
Applications for password recovery: Advanced PDF Password Recovery

Internet Explorer Content Advisor password
Microsoft Internet Explorer allows setting up a password for Content Advisor. This protection is extremely weak. MD5 hash is calculated from the password, and stored in the system Registry. We can simply remove the contents of the appropriate Registry key, or generate the necessary hash and change the password to any other one.
Applications for password recovery: Advanced Office 2000 Password Recovery

Passwords in Microsoft Money
Latest versions of Microsoft Money use the MS Jet storage system. Database password is stored in the file header. Whole database is encrypted using RC4 algorithm. But the encryption key is permanent (by the way, key length is only 32 bits). This key is stored in one of the system DLLs. Therefore any database password can be recovered instantly.
Applications for password recovery: Advanced Money Password Recovery