Paper 2005/007

The Misuse of RC4 in Microsoft Word and Excel

Hongjun Wu

Abstract

In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily.

Metadata
Available format(s)
PDF PS
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
Microsoft WordExcelEncryptionRC4Initialization Vector
Contact author(s)
hongjun @ i2r a-star edu sg
History
2005-01-11: received
Short URL
https://ia.cr/2005/007
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/007,
      author = {Hongjun Wu},
      title = {The Misuse of RC4 in Microsoft Word and Excel},
      howpublished = {Cryptology ePrint Archive, Paper 2005/007},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/007}},
      url = {https://eprint.iacr.org/2005/007}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.