Posted on 02/25/2005 8:19:19 PM PST by zeugma
One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques.
It's an amateur crypto mistake. The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document.
Microsoft uses the RC4 stream cipher in both Word and Excel. And they make this mistake. According to a paper by Hongjun Wu: "In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 [9] with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily."
This isn't new. Microsoft made the same mistake in 1999 with RC4 in WinNT Syskey. Five years later, Microsoft has the same flaw in other products.
The report (PDF):
<http://eprint.iacr.org/2005/007.pdf>
Microsoft's 1999 mistake:
<http://www.bindview.com/Support/RAZOR/Advisories/...>
Microsoft has a long history of really poor use of cryptography, so this isn't surprising.
I would have posted this tomorrow morning so it would be more widely seen, but figured I'd forget about it tomorrow.
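The keystream-reuse problem described in the quoted report, as an added example (not code from the post, the paper, or Microsoft). It uses a small RC4 implementation written for the demonstration, two constructed "versions" of a document, and a hypothetical per-save IV scheme that derives the stream key as sha256(key || iv); that derivation is an assumption for illustration and is not how Office derives its keys. With the same keystream on both saves, XORing the two ciphertexts cancels the keystream, exposes exactly which bytes were edited, and lets anyone holding one version read the other; with a unique IV per save the same XOR yields nothing.

```python
import hashlib

# --- constructed sample data (not from any real document) -----------------
KEY = b"constructed-demo-key"
DOC_V1 = b"Q3 forecast: revenue 10.0M, headcount flat. DRAFT - do not circulate."
DOC_V2 = b"Q3 forecast: revenue 12.5M, headcount down. DRAFT - do not circulate."
IV_SAVE_1 = b"constructed-iv-1"   # hypothetical per-save IVs
IV_SAVE_2 = b"constructed-iv-2"


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream (KSA + PRGA).

    Included only to reproduce the reuse problem; RC4 is not a
    recommendation for new designs.
    """
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """The flawed pattern: same key, no per-save IV, so every save of the
    document is XORed with the identical keystream."""
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


def encrypt_unique_iv(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """The fix: derive a fresh stream key from key || iv for every save.
    (sha256 as the derivation is an assumption made for this example.)"""
    stream_key = hashlib.sha256(key + iv).digest()[:16]
    return xor_bytes(plaintext, rc4_keystream(stream_key, len(plaintext)))


def ciphertext_xor(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2. With a shared keystream k: (p1^k)^(p2^k) = p1^p2."""
    return xor_bytes(c1, c2)


def changed_offsets(c1: bytes, c2: bytes) -> list:
    """Offsets where the two ciphertexts differ. Under keystream reuse these
    are exactly the bytes edited between saves, learned without any key."""
    return [i for i, b in enumerate(ciphertext_xor(c1, c2)) if b != 0]


def recover_other_version(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given one plaintext version, read the other: (c1^c2)^p1 = p2.
    Only meaningful when the keystream was reused."""
    return xor_bytes(ciphertext_xor(c1, c2), known_p1)


def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Defender's check for a test harness: does c1^c2 equal p1^p2?
    True means the two encryptions shared a keystream."""
    return ciphertext_xor(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    c1 = encrypt_fixed_iv(KEY, DOC_V1)
    c2 = encrypt_fixed_iv(KEY, DOC_V2)
    print("fixed IV, keystream reused:", keystream_reused(c1, c2, DOC_V1, DOC_V2))
    print("edited byte offsets visible from ciphertext alone:", changed_offsets(c1, c2))
    print("v2 recovered from v1 + both ciphertexts:", recover_other_version(c1, c2, DOC_V1))

    d1 = encrypt_unique_iv(KEY, IV_SAVE_1, DOC_V1)
    d2 = encrypt_unique_iv(KEY, IV_SAVE_2, DOC_V2)
    print("unique IV, keystream reused:", keystream_reused(d1, d2, DOC_V1, DOC_V2))
    print("same recovery attempt now yields:", recover_other_version(d1, d2, DOC_V1))
```

The `keystream_reused` check is the kind of regression test a product team can keep in its build: encrypt two different plaintexts with the same password through the real save path, XOR the outputs, and fail the build if the result equals the XOR of the plaintexts.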
There was some poster here a few days ago bragging how MSFT had the "best people" and how their interview process was so demanding and daunting that few non-geniuses could withstand it. They apparently have a bunch of cerebral think-tank people working there, all sipping lattes and talking about the future, but few people with practical skills to actually write their software.
Sounds suspiciously like the Democratic party.
I find it fascinating that a whole bunch of people that claim to hate and be superior intellects to Microsoft, are nonetheless obsessed with all things Microsoft.
Amazing, really.
Uh... ever heard of "know thine enemy?"
Seriously.. Anybody can use crypto, the algorithms are not that complex.
Telling developers to "make a more secure product" will not result in more secure products, it will result in a false sense of security. In reality you'll have a bunch of Prometheus's minions playing with the gift of fire. If they do not learn how to use the tool properly they'll burn their own house down because of a false sense of security.
If they weren't a de facto monopoly, no one would care. They have also essentially destroyed the US software industry, at least as it relates to desktop systems (and a good chunk of the server portion too). They sap innovation, and no one can get venture capital to develop new ideas that compete directly with them.
An idiotic blunder...even I know that.
The bigger mistake would be for one to rely on the cipher of a word processing program to secure one's data.
Huh??? There are tens of thousands of applications for the desktop out there.
Take off the Apple/Linux/whatever blinders. Graphics technology is exploding and Microsoft's Direct3D is leading the way with HLSL. If you look at the graphics hardware on the vaunted oh-so-innovative Mac, you'll see that it came over from the PC world. Who drove the adoption of high speed graphics chips for the masses?
Amazing!!
Nvidia, ATI, OpenGL and Direct3D did.
Anybody that uses the built-in encryptor within a word processor for safekeeping of documents is *already* not serious about security. That person is also not reading security tech sites or blogs either, so whatever we think about it won't get to them. All it does for them is keep their nosey officemate out of their recipe file.
Word and Excel encryption has been easily hackable for what... more than ten years now? That's not what it is for. People that are serious about encryption don't encrypt this way, nor should they.
This is like somebody buying a Samsonite suitcase and then being *shocked* that the lock is easy to pick.
OpenGL is a joke these days. Have you tried to write an OGL app that uses the latest hardware features? It's a mess of half-implemented extensions that don't work right. GLSL is several years behind HLSL.
It's a two-way street when it comes to ATI/NVidia. There has to be a coherent API and DDI to abstract the hardware somewhat before it becomes useful to apps. That's where Msft comes in with D3D. It works with the IHVs to both push and pull new features into the API.
I guess it's fashionable to trash Msft, all the while kneeling at the feet of Jobs. He comes down from the mountain with a new box (look, it's colorful! how innovative) and everyone raves. Weird.
Sure, if you count games and fifty "create-a-card" programs and "label makers" and "write your own will". Probably the most profitable area for other development is virus protection; that says a lot. The core technology for desktop software on the PC has essentially been stagnant since Windows 95 was released. When I look at what I do with my PC today, and what I did under Win95, it's essentially identical stuff with the exception of the internet browser (which MSFT would never have gotten into had Netscape not rushed onto the scene). Some prettier graphics and some better device management through USB is hardly what I would call a technological "leap" in the past 10 years.
The gamers did.
Yah... the last ten years have been just a vast void of zero innovation with regard to computers, OS, networking... internet...
I'm sitting here right now typing on a laptop computer that, compared to the machine I was using ten years ago... is some orders of magnitude faster and more capable than any machine five years ago, let alone ten. I'm also sitting in a hotel bar, having a nice Wild Turkey on the rocks while I type this, over a wireless Internet connection with speed that was only dreamed of in those days.
I haven't shut down or rebooted this laptop in maybe two weeks. It takes about twenty seconds to wake up in a new location and find a new DHCP server and get a new IP address on the fly... then surf away...
Compare this to the connectivity and performance and reliability that was commonplace a decade ago...
Nope... no innovatin' goin' on here...
The chip makers are responsible for your better performing PC, and MSFT had nothing to do with IP technology development. The first IP stacks on PCs didn't even come from MSFT; in fact they didn't want to include networking until it became so prevalent as an add-on that they had no choice.
Yep, nothin's changed essentially since the L0pht gave MS a public spanking on encryption years ago. Their discussion at the "Beyond Hope" conference was nothing short of fantastic, if not outright hilarious.