<http://www.theinquirer.net/print.aspx?article=20790&print=1>
Word and Excel have RC4 flaw, claim Cryptic cross words By: Nick Farrell Wednesday 19 January 2005, 07:50 SECURITY EXPERT Bruce Schneier claims that Microsoft's Word and Excel security protection systems have amateurish flaws which makes them easy to break. On his blog here, the writer of 'Applied Cryptography' said that VoleWare breaks one of the most important rules of stream ciphers. That is that you don't use the same keystream to encrypt two different documents. "If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques," he said. Word and Excel both use this "amateur crypto mistake" Apparently Microsoft made the same mistake in 1999 with RC4 in WinNT Syskey. Five years later, Microsoft has the same flaw in other products, Schneier claims. µ -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]