Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

How to operationally detect and break misuse of weak stream ciphers (and even block ciphers sometimes) - Application to the Office Encryption Cryptanalysis

Eric Filiol
Black Hat EU 2010
Indexed on
Mar 26, 2013
File name
File size
521.5 KB

Despite the evergrowing use of block ciphers, stream ciphers are still widely used: satellite communications (military, diplomatic...), civilian telecommunications, software... If their intrinsic security can be considered as strong, the main drwaback lies in the high risk of key misuse wich introduces severe weaknesses, even for unconditionnally secure ciphers like the Vernam system. Such misuses are still very frequent, more than we could expect. In this talk we explain how to detect such misuses, to identify ciphertexts that are relevant to this misuse (among a huge amount of ciphertexts) and finally how to recover the underlying plaintext within minutes. This may also apply to (intendly or not) badly implemented block ciphers. To illustrate this technique, this talk will also deal with the technical cryptanalysis of encryption used in Office up to the 2003 version (RC4 based). We will focus on Word and Excel applications. The cryptanalysis has been successfully and we manage to recover more than 90% of the encrypted texts in a few seconds. The attack is based both on a pure mathematical effort AND a few basic forensic approach. In a more general cases (e.g. satellite communications), we just need to intercept ciphertexts. In the Office case, we will explain in our sense that the attack does not rely on particular weakness but in a setting that can be seriously considered and described as a possible intended trap. We will develop this concept to explain how in a more general way such trap can be built.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !