Don’t Use Office RC4 Encryption. Really. Just don’t do it.

Yesterday, a BlackHat Europe presentation on Office 2003 encryption was brought to my attention. Seems that Eric Filiol has done quite a bit of work to recover RC4 encrypted Office documents using an issue that was brought to our attention in 2004. Eric’s paper can be found at this link: BlackHat-EU-2010-Filiol-Office-Encryption-wp.pdf. The paper really just…


Before We Had MSRC

Just ran into a post by Gene Schultz. I first ran into Gene when I worked back at ISS; interesting guy. I think we share some of the same concerns about the security of moving things into the cloud; in many ways, web apps are just harder to really secure…


Office 2007 SP2 Encryption Settings

Now that we’ve actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here are the registry settings:

Registry keys

Base keys (also corresponding Policy keys): HKCU\Software\Microsoft\Office\12.0\<appname>\Security\Crypto

Name: CompatMode
Type: DWORD
Default: 0
Description: Controls encrypted database compatibility: 0 – Legacy format for new files; 1 -…


Legacy RC4 Example on Codeplex

Just a quick note on this – a customer had a question about the old RC4 40-bit encryption yesterday, and this prodded me into taking some memory dumps of intermediate steps and figuring out where my own example code wasn’t working. Fortunately, it wasn’t really a problem with the documentation – I’d just made a…


MS-Offcrypto Example Update

Just a quick note that I’ve updated the examples. I added an example for the CAPI RC4 encryption that does work. Along the way, I got smarter about managed C++ and C# interop, which turned out to be a bit of an adventure. I didn’t find the documentation on MSDN exceptionally helpful in this area…


MS-Offcrypto Examples

In response to some questions I’ve gotten about details of MS-OFFCRYPTO, I’ve created a CodePlex project to contain sample code demonstrating the documentation. You can find it at I had originally wanted to include sample code in MS-OFFCRYPTO itself, but we couldn’t do that. Instead, we can put sample code on CodePlex. To keep…


CVE Count and Statistics

Larry Seltzer had some interesting comments on my post about the rate of Office vulnerabilities, at “Vulnerabilities and Office Versions”: “There may be a little flaw in the analysis in that LeBlanc studied reports during the period from 9/18/2007 to 11/17/2008. By that time earlier Office versions had been around for a long time and…”


Office Crypto KDF Details

I’ve gotten a couple of questions asking how our key derivation function works. The technique is very similar to that described in RFC 2898, also known as PKCS #5. There are two key derivation functions (KDFs) documented in this RFC: PBKDF1 and PBKDF2. Our KDF implementation is very similar to PBKDF1 (section 5.1), with…
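For readers who do not want to open the RFC, here is PBKDF1 written out exactly as RFC 2898 section 5.1 specifies it, with the standard library's PBKDF2 beside it for comparison. This is an added example, not the author's code and not the Office KDF itself (the post goes on to describe where Office's variant departs from PBKDF1, and none of that is reproduced here). The password, salt and iteration counts are constructed for the demo; the one fixed expected value is the PBKDF2-HMAC-SHA1 test vector from RFC 6070.

```python
import hashlib


def hash_bytes(data: bytes, hash_name: str = "sha1") -> bytes:
    """Single hash invocation; exposed so callers can check the chain by hand."""
    return hashlib.new(hash_name, data).digest()


def pbkdf1(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF1 per RFC 2898 section 5.1.

    T_1 = Hash(P || S)
    T_i = Hash(T_{i-1})         for i = 2 .. c
    DK  = first dkLen octets of T_c

    The RFC uses an 8-byte salt and MD2/MD5/SHA-1; the hash is a parameter
    here so the chaining structure is the point, not the digest choice.
    """
    if iterations < 1:
        raise ValueError("iteration count must be a positive integer")
    digest_size = hashlib.new(hash_name).digest_size
    if dklen > digest_size:
        # RFC 2898 step 1: "derived key too long".  PBKDF1 cannot produce more
        # key material than one hash output; that limitation is one reason
        # PBKDF2 exists.
        raise ValueError("derived key too long")
    t = hash_bytes(password + salt, hash_name)      # T_1
    for _ in range(iterations - 1):                 # T_2 .. T_c
        t = hash_bytes(t, hash_name)
    return t[:dklen]


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 per RFC 2898 section 5.2 with HMAC-SHA1, via the standard library.

    Unlike PBKDF1, dklen may exceed the digest size: the output is built from
    as many HMAC-based blocks as needed (2 blocks here for a 32-byte key).
    """
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)


if __name__ == "__main__":
    # Constructed demo inputs (not values from the post or from any real file).
    pw, salt = b"correct horse", b"\x01\x02\x03\x04\x05\x06\x07\x08"
    print("PBKDF1/SHA-1, c=1000, 16 bytes:", pbkdf1(pw, salt, 1000, 16).hex())
    print("PBKDF2/HMAC-SHA1, c=1000, 32 bytes:", pbkdf2_sha1(pw, salt, 1000, 32).hex())
    try:
        pbkdf1(pw, salt, 1000, 32)          # 32 > SHA-1 digest size (20)
    except ValueError as e:
        print("PBKDF1 refuses a 32-byte key:", e)
```

The practical check this makes visible: PBKDF1's iteration count only re-hashes a single chain, so a 40-bit or 128-bit key is bounded by the digest length of the hash, while PBKDF2 can stretch the same password and salt to any key length. When you read the Office KDF description, the thing to compare against this code is where the iteration counter and salt enter the chain.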


New, Improved Office Crypto

If you’re enough of an Office crypto geek to stay on top of the most recent changes in MS-OFFCRYPTO, you already know about some of this, but my assumption is that most people aren’t going to want to parse something that hard to read. What we’re doing is introducing some substantial improvements in our encryption…


SafeInt Compiles on gcc!

[update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every method of the class for every combination of types (all 15 of them). Version 3.0.12p is now moved to release status. Once I got SafeInt posted on CodePlex, Niels Dekker grabbed a copy and started figuring out what…