Learn, hack!

URL

https://media.blackhat.com/bh-eu-10/whitepapers/Filiol/BlackHat-EU-2010-Filiol-Office-Encryption-wp.pdf

File name

BlackHat-EU-2010-Filiol-Office-Encryption-wp.pdf

File size

521.5 KB

MD5

563394512f45f832ef0c4c094e2fc95a

SHA1

2ddaee43470a761eff4e1310a9298a65ece6c502

Despite the evergrowing use of block ciphers, stream ciphers are still widely used: satellite communications (military, diplomatic...), civilian telecommunications, software... If their intrinsic security can be considered as strong, the main drwaback lies in the high risk of key misuse wich introduces severe weaknesses, even for unconditionnally secure ciphers like the Vernam system. Such misuses are still very frequent, more than we could expect. In this talk we explain how to detect such misuses, to identify ciphertexts that are relevant to this misuse (among a huge amount of ciphertexts) and finally how to recover the underlying plaintext within minutes. This may also apply to (intendly or not) badly implemented block ciphers. To illustrate this technique, this talk will also deal with the technical cryptanalysis of encryption used in Office up to the 2003 version (RC4 based). We will focus on Word and Excel applications. The cryptanalysis has been successfully and we manage to recover more than 90% of the encrypted texts in a few seconds. The attack is based both on a pure mathematical effort AND a few basic forensic approach. In a more general cases (e.g. satellite communications), we just need to intercept ciphertexts. In the Office case, we will explain in our sense that the attack does not rely on particular weakness but in a setting that can be seriously considered and described as a possible intended trap. We will develop this concept to explain how in a more general way such trap can be built.