There seems to be a fundamental and worrying problem with encrypted documents in Word and Excel – and not just the recent versions.
The latest Office news isn’t good news – there seems to be a fundamental and worrying problem with encrypted documents in Word and Excel – and not just the recent versions.
The details are complex and we mere humans don’t need to worry about them – the basics are this:
When you encrypt a document in Word or Excel you choose a password which is combined with a semi-random ‘stream key’ to jumble the contents to make it unreadable to outsiders.
When you have two versions of the same document, saved with the same stream key and password you can much more easily break the encryption by comparing the two documents. You don’t need to know the password or key – the similarities between the two documents at a binary level gives a would-be code-breaker a massive head start.
Therefore, security experts say that ideally the stream key changes each time a document is saved. The password you give can be the same but if the key changes you don’t have to worry about someone using the document comparison trick.
Because Word and Excel documents are designed to be edited, changed and shared, Microsoft chose to keep the same stream key for the entire document. This was probably an expedient measure but any security expert knows it is a poor choice – and Microsoft has plenty of smart security people so presumably their warnings were (as usual) not heeded.
WORRY?
Is this problem an immediate concern? There’s no simple answer.
If you work in a sensitive area where the possibly of spying is higher or the value of your documents is high then certainly yes. Administrators in financial institutions for example would be right to worry that spreadsheets could be misused. Lawyers also should be concerned that sensitive documents could be more easily decoded.
Up to now you could assume that a document was reasonably safe from prying eyes simply because it was password protected. But now we know that the thief doesn’t have to know the password – they just need access to the two or more versions of the file.
Getting two or more versions of a single file is quite easy when you think about it. Here’s a quick list of ways to grab multiple versions of a document:
You could simply grab a copy of the file in the morning and then later in the day after some changes are made.
Or compare the latest version with one on a backup.
Copies on a server and that replicated to a networked computer.
Or make use of Microsoft’s own Shadow Copy feature that stores multiple past versions of your documents.
If you are using the backup copy option in Word then there’s a near duplicate of the original in the same folder.
Copies sent back and forth over email could be intercepted and compared.
And doubtless many more situations beyond …
The method of comparing two documents and getting intelligible results is ‘easy’ in relative terms. Someone with the right knowledge and tools could do it, especially since the flaw has been well documented. It is not something the average person would do but anyone sufficiently motivated would not have any problem.
You should not stop password protecting sensitive documents but if your company has lots of sensitive information then there’s a real concern.
MORE THAN WORD AND EXCEL?
The published details on the flaw note that they have only examined Word and Excel for the problem but it could extend to other password protected documents.
As HongJu Wu from Singapore rightly points out, it is not enough just to have a strong encryption key. How an encryption system is implemented is just as important.
We hope Microsoft in its belated investigation doesn’t just look at the latest Word and Excel in the vain hope that the problem will go away. Their report and patch needs to address past versions of Word and Excel plus all other Microsoft products that have encrypytion.
HIGH OR LOW RISK?
Security experts are saying the risk is high, Microsoft naturally are taking their usual line that the risk is low.
Since the nature of the problem is well known and the method of decrypting a document is relatively simple then the risk can be considered high.
Microsoft always say the risk is low, unless and until they have a fix or patch in place. The company’s self-interest always and understandably overrides any objective assessment of the situation.
It’s true that you need multiple copies of a document to make the decryption possible and Microsoft will presumably highlight that fact. However their own systems and the nature of networked computers makes the existence of multiple versions so much greater.
More than the specific problem is the concern that this is an elementary and fundamental flaw that anyone versed in security matters and familiar with the programming of Office should realize. Since Microsoft has supposedly spent much time and money boosting the security awareness of their security staff, their paying customers are entitled to ask how the company let this flaw go unfixed for so long?
That realization has given rise to the suspicion that the flaw has been allowed to remain as a ‘back door’ to allow US federal agencies easy access to documents. I’m not one for conspiracy theories but the simple nature of this flaw makes it harder to believe that Microsoft was unaware of the problem.
Having done Office Watch for so many years the likely explanation is more mundane. Too many times staff at Microsoft has known about a problem and an executive decision is made at some level to ignore the problem. Most likely that decision is made to reduce the cost or time of development rather than any more conspiratorial reasons. Its possible that the performance hit of creating a new stream key each time was considered too high. The pity is that the flaw wasn’t included in the more general updates of the Office over the years – this could have been fixed in Office XP or Office 2003 if Microsoft had wished.
