Encryption Used in Word 2004 for Mac

starting over

Hi,

I was wondering if anyone knew what kind of algorithm was used for
file encryption by MS Word 2004 for Mac? How strong is it really?
Also, does Mac Office 2004 create readable cached files of encrypted
files that are recoverable from the hard drive?

Thanks,

Dan
 
John McGhie [MVP - Word and Word Macintosh]

Hi Dan:

Oh? Is it urban myth time again? :)

The algorithm in use is a 128-bit RC-4. The strength of encryption depends
upon the length of the password and its composition. But that applies only
if you set "Password to Open".

See here for more details:
http://support.microsoft.com/?id=822924

Mac Word and WinWord are equivalent, except that Mac Word does not have the
VBA code signing or Digital Signature facility.

As to your second question: Yes.

Files are not encrypted until you set "Password to Open" -- before then, the
entire file and all the temporary files and backup files are readable.

If you work on the document without a password and set the password at the
end before closing it, the temporary files (or some of them) will not be
encrypted.

It's good practice to reboot the computer after closing an encrypted file to
clean up the temporary files.

Note that an attacker would require fairly advanced knowledge to actually
access the temporary files: once you close the document they are
disconnected from it. An attacker would require an extended period of
access to the machine to get any significant amount of data back from them.

There is an element of "A lock will only keep out an honest man" to this.
If you need sufficient security to prevent people in the office reading
sensitive information, MS Office encryption will do the job nicely.

If you are expecting Level 5 intrusion attempts from organised crime or
nation states, then you better organise something a bit more secure :)

Cheers

> Hi,
>
> I was wondering if anyone knew what kind of algorithm was used for
> file encryption by MS Word 2004 for Mac? How strong is it really?
> Also, does Mac Office 2004 create readable cached files of encrypted
> file that are recoverable from the hard drive?
>
> Thanks,
>
> Dan

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Consultant Technical Writer
Sydney, Australia +61 (0) 4 1209 1410
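
The temporary-file point in the reply above can be checked directly: put a unique canary phrase in a test document, set "Password to Open", close it, then search the working folders for that phrase in the clear. The sketch below is an added example, not part of the thread; the file names, the canary phrase and the two encodings searched (cp1252 and UTF-16LE) are assumptions.

```python
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time

def needles_for(marker):
    """Byte patterns for marker as UTF-16LE and, where possible, cp1252 (assumed encodings)."""
    out = {"utf-16-le": marker.encode("utf-16-le")}
    try:
        out["cp1252"] = marker.encode("cp1252")
    except UnicodeEncodeError:
        pass  # phrase has characters cp1252 cannot hold
    return out

def encodings_found(path, needles, chunk=CHUNK):
    """Return the encodings whose byte pattern occurs anywhere in the file."""
    keep = max(len(n) for n in needles.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            window = tail + block
            found.update(e for e, n in needles.items() if n in window)
            tail = window[-keep:] if keep > 0 else b""  # matches spanning two reads
    return sorted(found)

def scan_for_marker(root, marker):
    """Map each file under root that holds marker in the clear to the encodings seen."""
    needles, hits = needles_for(marker), {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            encs = encodings_found(path, needles)
        except OSError:
            continue  # unreadable file, cannot be checked
        if encs:
            hits[str(path.relative_to(root))] = encs
    return hits

def demo():
    """Constructed sample: one opaque saved file and two leftover scratch files."""
    marker = "CANARY-7f3a unreleased"  # constructed canary phrase
    samples = {"report.doc": bytes(range(256)) * 16,
               "scratch-1.tmp": b"\x00" * 700 + marker.encode("utf-16-le"),
               "scratch-2.tmp": b"hdr " + marker.encode("cp1252") + b" end"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan_for_marker(root, marker)
```

An empty result only means the phrase was not found in the files that could be read; it does not cover deleted files whose blocks are still on disk.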
 
Chris Ridd

> There is an element of "A lock will only keep out an honest man" to this.
> If you need sufficient security to prevent people in the office reading
> sensitive information, MS Office encryption will do the job nicely.

Even in this case, there are very widely available tools which can
break an encrypted Office doc. Don't bet on them not being used.

Google for "crack rc4", and incidentally note the third hit describes
an "amateur crypto mistake" in Office :-(

> If you are expecting Level 5 intrusion attempts from organised crime or
> nation states, then you better organise something a bit more secure :)

Oh, *far* more people than that will be able to break into your docs.

If you really want to securely encrypt Office documents, save them
unencrypted and use a separate tool like PGP to encrypt them. You could
copy them into an encrypted Apple disk image too, if you wanted a free
solution that was Apple-only.

Cheers,

Chris
 
John McGhie [MVP - Word and Word Macintosh]

Hi Chris:

Yes: I believe you're quite correct.

> Oh, *far* more people than that will be able to break into your docs.

Basically: Anyone who can read the instructions on the internet. Or who
feels entirely confident giving their credit card details to someone who
cracks passwords for a living.

The question is: How many will?

Your average commercial secret is worth money for about two weeks. It takes
a bit longer than that to learn to do this (particularly, if you have a day
job...)

> If you really want to securely encrypt Office documents, save them
> unencrypted and use a separate tool like PGP to encrypt them. You could
> copy them into an encrypted Apple disk image too, if you wanted a free
> solution that was Apple-only.

Yeah: Apple uses AES-128 encryption which is a little more difficult to
crack (not much...). Since it was invented for the US Government, at least
that way you will know that only Uncle Sam's spooks will be able to crack
your data easily. As well as all his friends (and enemies...) :)

Word's encryption does an OK job of keeping the nosey co-workers at the office
out of your documents. But it won't keep out a determined, well-funded,
well-resourced attacker.

The various governments that you and I vote for (or against!) will never
allow consumer software to be shipped with any form of encryption that would
keep the guvvermint out of your business (or the business of your local drug
dealer or terrorist...)

Locking a document up that tight can be done. Of course it can. It takes
fairly serious planning, expertise, and hardware. Encryption is the easy
bit. Developing business processes that ensure YOU can always get your data
back again -- and that someone who is trying really hard -- can't. That's
one reason the CIA costs so much money to run.

They use Word (the same as everyone else) to create their documents. But
they don't bet their careers on Word's encryption. Their enemies are a bit
more determined than that.

Hope this helps

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Consultant Technical Writer
Sydney, Australia +61 (0) 4 1209 1410
 
Jim Gordon

Hi Chris,

I am always amazed that so many organizations that are supposed to keep
information confidential use simple email attachments and PDF files
without sending email using digital certificates.

To me this is the largest security breach in existence in business and
academia today. If the documents are being sent from one computer to
another by email, there's another important place to encrypt.

-Jim Gordon
Mac MVP
 
Chris Ridd

> Yeah: Apple uses AES-128 encryption which is a little more difficult to
> crack (not much...).

Interesting. Do you have any references for this?

> Since it was invented for the US Government, at least
> that way you will know that only Uncle Sam's spooks will be able to crack
> your data easily. As well as all his friends (and enemies...) :)

That's the same argument that was given when the US Govt suddenly
relented on exporting code using strong RSA keys.

I didn't think there was any belief in the community that there were
flaws in AES 128 and that it was breakable.

> Word's encryption does an OK job of keeping the nosey co-workers at the office
> out of your documents. But it won't keep out a determined, well-funded,
> well-resourced attacker.

The going rate for decryption tools seemed to be $50 (US). Not so
well-funded then :-(

Cheers,

Chris
 
Chris Ridd

> Hi Chris,
>
> I am always amazed that so many organizations that are supposed to keep
> information confidential use simple email attachments and PDF files
> without sending email using digital certificates.

Hopefully encrypted and not just signed ;-)

The unfortunate problem with that is that many anti-virus/spam mail
systems refuse to pass attachments if they can't decode them, which
will obviously be the case for encrypted mail.

Cheers,

Chris
 
Chris Ridd

> Interesting. Do you have any references for this?

References for the crackability claim, that is. Apple documents their
use of AES 128.

Cheers,

Chris
 
John McGhie [MVP - Word and Word Macintosh]

Hi Chris:

Nope. Just an overheard conversation at a conference. Just what they were
referring to I don't know, but I suspect it was dictionary attacks.

Yes, you can get a tool that will crack RC-4 quite cheaply. But the problem
is that usually you don't have just "one" document to crack. To run off
with a decent piece of corporate intelligence, you usually have to crack the
disk encryption, then crack the encryption on every single document on the
machine or network.

Driving a nail through a single document named "Baselined New Product
Development Plans for 2007" is not so tough. But getting access to the
network for long enough to decrypt an entire file server full of documents
named TAF0001-1040A8C without generating so much bandwidth you raise
suspicions, is a rather greater challenge.

As usual, the weakest link is the human being. If the password is the pet's
name, a dictionary attack will crack the thing in a few seconds.

Cheers


> References for the crackability claim, that is. Apple documents their
> use of AES 128.
>
> Cheers,
>
> Chris

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Consultant Technical Writer
Sydney, Australia +61 (0) 4 1209 1410
 
Jim Gordon

Chris said:
> Hopefully encrypted and not just signed ;-)
>
> The unfortunate problem with that is that many anti-virus/spam mail
> systems refuse to pass attachments if they can't decode them, which will
> obviously be the case for encrypted mail.
>
> Cheers,
>
> Chris

Mail systems are utterly useless if they can't deliver mail. Any system
that tosses out the good with the bad is critically flawed. How could
you possibly trust such a system at all? The obvious solution is to
avoid the "many" and go with one that actually works.

-Jim Gordon
Mac MVP
 
Chris Ridd

> Mail systems are utterly useless if they can't deliver mail. Any system
> that tosses out the good with the bad is critically flawed. How could
> you

Viruses are mail, spam's mail. Do you want them delivered too?
Inability to check something's /slightly/ different to checking
something and finding a virus/etc, but if you do let uncheckable stuff
through then you've just opened an attack vector.

If you've Windows boxes inside your network you really *can't* afford
to have that.

> possibly trust such a system at all? The obvious solution is to avoid
> the "many" and go with one that actually works.

I think you mean "reconfigure it". After all, I'm sure even Exchange
can be configured to reject stuff.

Cheers,

Chris
 
