<html><head><title>Elser, about passwords. Apr/16/97</title></head>
<body bgcolor="#ffffff" link="#0000ff" alink="#ff0000" vlink="#0000c0">
<!--$Id: password.html,v 0.1.1.5 1997/07/01 00:06:45 schwartz Rel $-->
<p><H1 align=left><font color=#7f007f>Elser</font></H1>
<H2><font color=#008000>Word convertress</font></H2>
<H4>About password protection<br>
of Word documents</H4>
Privacy is still a blind spot in the laboratories of standard software
applications. The result is a privacy catastrophe for password encryption
in Microsoft Word. Starting with Word 2, Microsoft used WPA 1.0b encryption,
that is version 1.0 beta of the <b>W</b>eakest <b>P</b>ossible encryption
<b>A</b>lgorithm. WPA 1.0b stamps a 16 byte key with <em>xor</em> (logical
exclusive or) all over the document's data.<p>
In Word 2.0 this 16 byte key was trivial to find, because MS applied the key
to well known permanent data. To find the key one just had to xor the well
known permanent data with the encrypted data. The most convenient permanent
data to use has in fact been 16 zero bytes: because <em>key xor zero</em>
always equals <em>key</em>, one did not even have to apply a xor. In other
words, Microsoft hid the key in the door's lock.
<font color=#c06000>Marc Thibault</font>
(<a href=mailto:marc@tanda.isis.org>marc@tanda.isis.org</a>)
found this out. In January 1993 he released the program (wu.cpp, Word
Unprotect) including source code to the public.
<a href=http://wwwwbs.cs.tu-berlin.de/~schwartz/pmh/elser/contrib/wordunp.zip>WU</a>
(27 KB) simply fetched the key, deciphered the document and marked it as not
protected. In his documentation Marc asked Microsoft to use real
protection next time, because:
<H4>"<font color=#c06000>A false sense of security is much worse
than none at all.</font>"</H4>
Word 6.0 followed Word 2.0, and WPA 1.0 followed WPA 1.0b.
Apart from this, from then on documents are stored together with some
additional data. You can think of this as the document letter inside an
additional data envelope. It would now have been as easy as slipping on a
leisure dress to apply real protection to the document, finally making it
secure against spying: the letter just needed to be put into a further
cryptographic envelope. Instead, encryption of Word 6.0 documents differs
only slightly from encryption of Word 2.0 documents. The key used with
WPA 1.0 still comprises 16 bytes. But now a key byte is applied with xor to
a data byte only if neither the data byte nor the result byte is zero. So
there are mainly three difficulties:<p>
<ol>
<li>The document letter has to be drawn out of the OLE envelope.<br>
This is not trivial, because Microsoft does not explain how this
envelope is structured. To get the letter safely out one had to use
libraries that Microsoft provides only for Microsoft Windows.<p>
<li>16 well known bytes have to be found.<br>
This is tricky, too. Either one has to be very familiar with Word's document
structure, or one has to rely on stochastic cryptanalysis. Both methods
cause trouble. The latter is not very clever, as it fails if the text is too
short, and one has to make assumptions about the language used in the
document. The former has been a problem because Microsoft keeps the
document format secret. However, Elser knows that from Word 6 on
the Word document summary information is stored not only in Word's
document letter, but also as a copy in the OLE document envelope. Knowing
this is nearly always more than enough.<p>
<li>Sometimes even more than 16 bytes have to be found.<br>
It can happen that the key byte is either zero or equal to the
byte to be encrypted. In both cases the data byte passes through unchanged,
so a single known byte cannot tell the two apart. This creates an ambiguity.
To resolve it, one needs at least two different well known text bytes for
one key byte.<p>
</ol><p>
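The xor scheme and the known-plaintext key recovery described above, as an added example in Python that is not part of Elser or of this page; the key, the "well known" document bytes and their file offsets are constructed for the demonstration, not taken from real Word files:

```python
# Added example (not Elser's code): a model of the xor scheme described
# above. Word 2 rule: every data byte is xored with key[i % 16], so 16
# zero bytes encrypt to the key itself. Word 6 rule (as the page states it):
# the key byte is skipped when the data byte or the result byte is zero.
KEY_LEN = 16

def word2_xor(data: bytes, key: bytes) -> bytes:
    """Word 2 style xor. Self-inverse: apply twice to get the data back."""
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(data))

def word6_xor(data: bytes, key: bytes) -> bytes:
    """Word 6 style xor: a byte is left alone if it or its xor result is 0."""
    out = bytearray()
    for i, b in enumerate(data):
        r = b ^ key[i % KEY_LEN]
        out.append(b if b == 0 or r == 0 else r)
    return bytes(out)

def recover_key(plain: bytes, cipher: bytes, offset: int = 0, cands=None):
    """Known-plaintext recovery for the Word 6 rule. Returns 16 sets: the
    key bytes still possible at each position (None = nothing learned).
    A cipher byte equal to a non-zero plain byte means the key byte is
    either 0 or equal to that plain byte: the ambiguity of point 3 above."""
    cands = list(cands) if cands else [None] * KEY_LEN
    for i, (p, c) in enumerate(zip(plain, cipher)):
        k = (offset + i) % KEY_LEN
        if p == 0:
            continue                    # zero bytes are never xored: no info
        new = {0, p} if c == p else {c ^ p}
        cands[k] = new if cands[k] is None else cands[k] & new
    return cands

def resolved_key(cands):
    """The key as bytes once every position has exactly one candidate left."""
    if any(s is None or len(s) != 1 for s in cands):
        return None
    return bytes(next(iter(s)) for s in cands)

# Constructed key and "well known" document bytes (not real Word data).
KEY = bytes([0x00, 0x41, 0x13, 0x7f, 0xa5, 0x20, 0x9c, 0x03,
             0x61, 0x20, 0x08, 0x55, 0xc7, 0x1e, 0x42, 0xb0])
KNOWN_1 = b"Microsoft Word 6"      # assumed to sit at file offset 0
KNOWN_2 = b"Title: Elser doc"      # assumed to sit at file offset 16

def demo():
    doc = KNOWN_1 + KNOWN_2
    enc = word6_xor(doc, KEY)
    first = recover_key(KNOWN_1, enc[:16])            # leaves 2 ambiguities
    both = recover_key(KNOWN_2, enc[16:], 16, first)  # second sample settles them
    return first, both, resolved_key(both)
```

Key position 0 (key byte zero) and position 9 (key byte equal to the space in the first sample) stay ambiguous after one 16 byte sample and are settled by the second, which is exactly why more than 16 known bytes can be needed.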
As far as I know, these problems are solved quite well by five
programs. There is of course Elser, smile. WFWCD is good, though it is free
software. WDPASS is very expensive, but it is easy to install and use.
Wdcrak lets you make corrections interactively when decoding
documents. So does WWPRT.<p>
<dl>
<dt><b>Elser</b> by <font color=#c06000>Martin Schwartz</font>
(<a href=mailto:schwartz@cs.tu-berlin.de>schwartz@cs.tu-berlin.de</a>)
<dd>Elser is distributed as perl source code according to the terms of the
GNU General Public License. Elser can even decrypt documents containing
very little or no text.<br>
All systems. Features: <em>decrypting, password resolving</em>
<p>
<dt><b>WFWCD</b> by <font color=#c06000>Fauzan Mirza</font>
(<a href=mailto:fauzan@dcs.rhbnc.ac.uk>fauzan@dcs.rhbnc.ac.uk</a>)
<dd><a href=http://wwwwbs.cs.tu-berlin.de/~schwartz/pmh/elser/contrib/wfwcd.zip>WFWCD</a> (20KB).
"Word for Windows Password Cracker Demo" is a freeware program
that Fauzan dedicates to Hamid Moosavi, Christopher Wilkinson,
John Godley and IRON MAIDEN.<br>
DOS program. Features: <em>password resolving</em>
<p>
<dt><b>WDPASS</b> by <font color=#c06000>AccessData Corp.</font>
<dd>WDPASS is sold for currently $185.00.
<a href=http://www.accessdata.com>AccessData</a> provides a
demonstration version that should be able to decipher documents
with passwords having a length of exactly 10 characters.<br>
Windows program. Features: <em>decrypting, password resolving</em>
<p>
<dt><b>Wdcrak</b> by <font color=#c06000>Crak Software</font>
<dd>Wdcrak is sold for currently $99.00.
<a href=http://www.crak.com>Crak Software</a> provides a
demonstration version that should be able to decipher documents
with passwords having a length of exactly 10 characters. You can
apply manual changes to control decrypting.<br>
Windows program. Features: <em>password resolving</em>
<p>
<dt><b>WWPRT</b> by <font color=#c06000>VDS Advanced Research Group</font>
<dd>WinWord Password Recovery Tool is sold for currently $37.00.
<a href=http://www.vdsarg.com>VDSARG</a> provides a
demonstration version that should be able to decipher documents
with passwords having a length of exactly 12 characters.<br>
Windows 95 / NT 4 program. Features: <em>password resolving</em>
</dl>
<p>Back to <a href=../index.html>Laola</a> homepage.<p>
Martin Schwartz<p>
</body></html>