Microsoft Office password protection
Microsoft Office password protection is a security feature to protect Microsoft Office documents (Word, Excel, PowerPoint) with a user-provided password.
Types
There are two groups of passwords that can be set on a document:[1]
- A password to encrypt a document restricts opening and viewing it. This is possible in all Microsoft Office applications. Since Office 2007 they are hard to break if a sufficiently complex password is chosen. If the password can be determined through social engineering, the underlying cipher is not important.
- Passwords that do not encrypt, but restrict modification. They can be circumvented easily.
  - In Word and PowerPoint, the password restricts modification of the entire document.[2]
  - In Excel, passwords restrict modification of the workbook, a worksheet within it, or individual elements in the worksheet.
History of Office encryption
Weak encryptions
In Excel and Word 95 and prior editions, a weak protection algorithm is used that converts a password to a 16-bit verifier and a 16-byte XOR obfuscation array[1] key.[3] Hacking software is now readily available to find the 16-byte key and decrypt the password-protected document,[4] because the scheme works like a Vigenère cipher. These documents can be cracked instantly with the help of precomputation tables.
Office 97, 2000, XP and 2003 use RC4 with 40 bits.[3] The Office algorithm contains multiple vulnerabilities that render it insecure. RC4 itself is also now considered to be weak. The protection presents no difficulties to hacking software.[5][4]
In Office XP and 2003, an option to use a custom protection algorithm was added.[3] Choosing a non-standard Cryptographic Service Provider (CSP) allows increasing the key length. Weak passwords can still be recovered quickly even if a custom CSP is in use.
AES since Office 2007
In Office 2007 (Word, Excel and PowerPoint), protection was significantly enhanced by the use of a modern protection algorithm, the Advanced Encryption Standard (AES).[3] At present there is no software that can break this encryption. The password is stretched into a 128-bit key by applying the SHA-1 hash function 50,000 times before the document is opened; as a result, the time required to crack it is vastly increased, similar to PBKDF2, scrypt or other KDFs.
Excel and Word 2010 employed AES and a 128-bit key, but the number of SHA-1 iterations doubled to 100,000.[3]
Office 2013 (Access, Excel, OneNote, PowerPoint, Project, and Word) uses 128-bit AES, again with hash algorithm SHA-1 by default.[6]
Office 2013 introduces SHA-512 hashes in the encryption algorithm, making brute-force and rainbow table attacks slower.
Office 2016 (Access, Excel, OneNote, PowerPoint, Project, and Word) uses 256-bit AES, the SHA-1 hash algorithm, 16 bytes of salt and CBC (Cipher Block Chaining) by default.[7]
Attacks that target the password include dictionary attack, rule-based attack, brute-force attack, mask attack and statistics-based attack. Attacks can be sped up through multiple CPUs, also in the cloud, and GPGPU[8] (applicable only to Microsoft Office 2007–2010 documents).
A modern graphics card like the Nvidia RTX 2070 can try 12,000 passwords per second for Office 2016–19 documents.[9]
Excel worksheets and macro protection
The protection for worksheets and macros is necessarily weaker than that for the entire workbook as the software itself must be able to display or use them.
For xlsx files that can be opened but not edited, there is another attack. Because the file format is a group of XML files within a zip archive, unzipping the file, editing it and replacing the workbook.xml file and/or the individual worksheet XML files with identical copies in which the unknown key and salt are replaced with a known pair, or in which the key is removed altogether, allows the sheets to be edited.
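An added example, not part of the original article: a Python audit that tells an encrypted (password-to-open) file from one that is only edit-restricted, the two groups distinguished under Types and in the paragraph above. The function names, the size limit and the sample workbook are assumptions constructed for illustration; the protection attribute names are those of the OOXML spreadsheet schema.

```python
import io
import re
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE compound file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream holding an encrypted OOXML package
PROT = re.compile(rb"<(?:\w+:)?(sheetProtection|workbookProtection)\b([^>]*)>")
ATTR = re.compile(rb'(\w+)="([^"]*)"')
MAX_PART = 50 * 1024 * 1024  # assumed limit: skip oversized parts (zip-bomb guard)

def audit(data: bytes) -> dict:
    """Report whether an Office file is encrypted or only edit-restricted."""
    if data.startswith(CFB_MAGIC):
        # Heuristic: compound-file directory names are stored as UTF-16LE.
        kind = "encrypted-ooxml" if ENC_STREAM in data else "cfb-other"
        return {"kind": kind, "findings": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"kind": "unknown", "findings": []}
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename
            if not (name.startswith("xl/") and name.endswith(".xml")) or info.file_size > MAX_PART:
                continue
            # Regex scan instead of an XML parser: the input is untrusted.
            for tag, raw in PROT.findall(z.read(name)):
                a = {k.decode(): v.decode("utf-8", "replace") for k, v in ATTR.findall(raw)}
                algo = a.get("algorithmName") or a.get("workbookAlgorithmName")
                legacy = "password" in a or "workbookPassword" in a
                spin = a.get("spinCount") or a.get("workbookSpinCount") or "0"
                findings.append({
                    "part": name,
                    "element": tag.decode(),
                    "verifier": algo or ("legacy 16-bit" if legacy else "none"),
                    "spin_count": int(spin) if spin.isdigit() else 0,
                })
    return {"kind": "plain-zip", "findings": findings}

def constructed_sample() -> bytes:
    """Build a minimal, constructed xlsx-like zip; verifier values are placeholders."""
    ns = 'xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"'
    sheet = (f'<worksheet {ns}><sheetData/><sheetProtection algorithmName="SHA-512" '
             'hashValue="CONSTRUCTED" saltValue="CONSTRUCTED" spinCount="100000" '
             'sheet="1"/></worksheet>')
    book = f'<workbook {ns}><workbookProtection workbookPassword="ABCD" lockStructure="1"/></workbook>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", book)
        z.writestr("xl/worksheets/sheet1.xml", sheet)
    return buf.getvalue()
```

A result of plain-zip means the content is readable by anyone holding the file, however strong the reported verifier is; only the encrypted-ooxml case depends on the password for confidentiality.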
References
- "[MS-OFFCRYPTO] Office Document Cryptography Structure" (PDF). Microsoft Corporation. 2021-10-05. pp. 60–65. Archived (PDF) from the original on 2023-04-11.
- "Password protect documents, workbooks, and presentations – Support – Office.com". Office.microsoft.com. Retrieved 26 December 2012.
- "Microsoft Office File Format Documents". Msdn.microsoft.com. Retrieved 26 December 2012.
- Wu, Hongjun (2005). "The Misuse of RC4 in Microsoft Word and Excel" (PDF). Institute for Infocomm Research, Singapore.
- "Russian Password Crackers: Password Recovery (Cracking) FAQ". Password-crackers.com. Retrieved 26 December 2012.
- "Cryptography and encryption settings for Office 2013". docs.microsoft.com. Retrieved 4 July 2018.
- DHB-MSFT. "Cryptography and encryption in Office 2016". docs.microsoft.com. Retrieved 2018-12-07.
- "GPU estimations". passcovery.com. Archived from the original on 10 February 2015. Retrieved 5 December 2020.
- "Advanced Office Password Recovery - Elcomsoft Co.Ltd". www.elcomsoft.com. Retrieved 2023-04-26.