Which is the strongest encryption?

A

Art

I've looked at the various encryption types in the Advanced tab in Word. I
wound up using the Strong Cryptographic Provider, but I really don't know
which is best. I did hunt around a bit trying to find out but don't really
know. It seems that the Enhanced providers provide some sort of backward
compatibility, so it makes me wonder about them. Also, all of them seem to
indicate that RC4 is used. I had thought that RC4 wasn't the best choice
these days.

Any opinions or sources of information? I would like to use the best
algorithm available.

Thanks.
 
T

Tony Jollans

Hi Art,

This is a complex area, but I'll tell you what I understand.

There is no benefit inherent in using any particular CSP (Cryptographic
Service Provider); what matters is the facilities that they offer, and the
way in which they are used. A brief overview of the Microsoft ones,
installed with Windows (depending on your version of Windows you may not
get all of them), can be seen here:
http://msdn.microsoft.com/en-us/library/aa386983(VS.85).aspx.

Significant weaknesses can exist, regardless of CSP used, because the way in
which they are used by calling applications, Word being a particular case in
point here - its implementation, prior to 2007, was flawed.

Support for AES - and an improved implementation - is added in Word 2007,
for Word 2007 format documents (.docx and .docm). With earlier versions
(Word or Document format) you only have RC4 but with 128-bit keys you should
be reasonably safe unless you're involved in international espionage <g>


I have found it extremely difficult to actually get very much real
information; much of Microsoft's documentation (and there _is_ quite a lot
of it) tells you nothing at all and then refers you to another document that
tells you nothing at all in different words. It isn't hard to find similar
circular non-information, and it is possible to find, sometimes quite
detailed, technical information on algorithms, and a variety of
implementations, but there doesn't seem to be much in between. It seems most
people think things will be more secure the less knowledge there is out
there, whereas I would argue the direct opposite.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top