Word and Excel document insecurity - January 2005

We look at some reader feedback on the Word and Excel document decryption problem for January 2005.

Thanks to all the readers who gave us feedback on the Word and Excel document decryption problem mentioned in the last Office Watch article.

Readers seem divided into two roughly equal camps – those that are appalled that such a simple workaround to encrypted documents could have been allowed to go unfixed by Microsoft – and those who are appalled that anyone would trust any encryption method provided by Microsoft.

Microsoft has been customarily silent on the matter and we’ve had no reply to our enquiries. We can tell you that the problem can include documents that have RC4 encryption.

To clarify what is needed to make the decryption hack work: you need two versions of a document created with the same stream key. Two exact copies (i.e. the original and a backup) are no good; the two documents need to be similar but not the same (for example, a previous version of a document before some revisions).
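Why the condition above matters, as an added example that is not from the original article or from Microsoft: with a stream cipher such as RC4, two ciphertexts made with the same key XOR to the XOR of their plaintexts, an exact copy XORs to all zeros, and a fresh salt per save removes the relation. The `derive_key` helper, the fixed salt and the sample text are constructed assumptions, not Office's actual key derivation.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encrypts or decrypts by XOR with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_key(password: bytes, salt: bytes) -> bytes:
    # Hypothetical key derivation for this sketch, not Office's real scheme.
    return hashlib.sha256(salt + password).digest()[:16]

# Constructed sample data: an original and a revised version of one document.
V1 = b"Q4 forecast: revenue 1.20M, headcount 14"
V2 = b"Q4 forecast: revenue 1.35M, headcount 17"
PASSWORD = b"constructed-password"
SALT = b"\x00" * 16  # same salt on both saves -> same stream key

def same_key_leak() -> bytes:
    """XOR of two ciphertexts made with the same key: the keystream cancels."""
    k = derive_key(PASSWORD, SALT)
    return xor(rc4(k, V1), rc4(k, V2))

def identical_copy_leak() -> bytes:
    """Original and exact backup: the XOR is all zeros, nothing is revealed."""
    k = derive_key(PASSWORD, SALT)
    return xor(rc4(k, V1), rc4(k, V1))

def fresh_salt_leak() -> bytes:
    """Mitigation: a new random salt per save gives unrelated keystreams."""
    c1 = rc4(derive_key(PASSWORD, os.urandom(16)), V1)
    c2 = rc4(derive_key(PASSWORD, os.urandom(16)), V2)
    return xor(c1, c2)
```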

We look forward with interest to seeing what Microsoft comes up with. Since this problem has been known on the MS campus for some time, there's no real excuse for a delay in releasing details, workarounds and fixes.

 
