Slashdot Mirror


Microsoft Word Forms Passwords Hacked

An anonymous reader notes: "SecurityFocus has published a hack that can be used to unlock Microsoft Word documents that have been password protected. The 'secure' file can easily be edited and the original password re-inserted, removing any trace of the modification. A ZDNet UK article says Dell uses password protected Word files to send quotes, which could make for a messy legal battle." This feature, known as 'Password to Modify', is not the password protection on the document itself, just the protection that restricts unauthorized editing of the file. This hack allows someone to download such a file, edit it, and restore the password...effectively allowing changes to the file to go potentially unnoticed.

438 comments

  1. Forms by Anonymous Coward · · Score: 0, Troll

    Forms. What is it all about... is it good, or is it whack?

  2. Nothing New by digitalvengeance · · Score: 5, Informative

    There have been utilities to obtain Word passwords for quite a while. I've tested mine on Office 2000 and XP protected documents and had great success.

    What's odd: The password returned by my tool of choice is not the same as the one actually stored - but when I enter this new password OR the original password into Word, the document is successfully unprotected. Some sort of odd math that makes more than one password work?
    Example - I protected both a Word 2000 and Word 2002 document with the password "test" then ran them through my cracker. The cracker returned the password "QFQDOBCTGLHGEE" virtually instantly for both documents. Oddly enough, this new unusual password successfully unlocked both Word documents using Tools > Unprotect Document. Subsequent testing reveals that the original password will also unprotect the document.

    So, if such passwords can easily be bypassed anyway - what does this really change?

    I should note that I'm using a Passware product called Office Key.

    This crack just takes what has been commercially available for quite some time and moves it into the public arena.

    Josh

    --
    How many roads must a man walk down? 42.
    1. Re:Nothing New by bierik · · Score: 1

      It's the same thing with md5-passwords on Linux: the encrypted password has a fixed length but the password you provide can be "arbitrarily" long. This means that there have to be several passwords of the same encrypted form.

    2. Re:Nothing New by jeremytribby · · Score: 1

      Maybe it's the NSAKey of microsoft word?

    3. Re:Nothing New by Anonymous Coward · · Score: 0

      wow, that sounds like a great protection scheme. So secure that George Bush should use it.

    4. Re:Nothing New by Stavr0 · · Score: 5, Informative
      The word doc doesn't store the password, but a one-way checksum.

      The passware product merely computes a password that matches the checksum found in the word doc.

    5. Re:Nothing New by Violet+Null · · Score: 4, Informative

      Word probably uses a hash function to test the password (just like Linux doesn't store passwords, but hashes, in /etc/password). There's some function, you put the "password" in, it spits a hash out, and that is compared to the stored hash.

      Hashes are more secure than storing the password, because they tend to be pretty one way -- it's trivial to get a hash from a password, but much less trivial to get a password from the hash.

      However, hashes can collide; the smaller the hash returned, compared to the possible keyspace, the more likely this is. For instance, if I have a hash function that returns a one byte hash that I use to hash my password, then there is a 1/256 chance that _any_ gibberish I send in will return the same hash, and thus match.

      Microsoft is probably using a very small hash, and your "tool of choice" probably just brute forces the thing until it finds a match.

      If your tool of choice continued through the keyspace, it would inevitably come up with test, too.

    6. Re:Nothing New by pegr · · Score: 5, Interesting

      That's very interesting, but that's NOT what this article is about. This article describes how to modify "unmodifiable" fields. Here's the kick: Save the doc with "unmodifiable" fields as html and look at the source. There you will find a "key" in the metadata. Search for this key in the original doc with a hex editor. Zero it out, and voila, your fields are now modifiable.

      Again, this article is NOT about how to remove a password from the document itself. Such docs are truly encrypted. (How well is an exercise left for the reader! ;)

    7. Re:Nothing New by xkenny13 · · Score: 1

      So, if such passwords can easily be bypassed anyway - what does this really change?

      Part of the point of the article is that you can unlock the document, make modifications, and then re-lock it using the original password ... thereby allowing your changes to go unnoticed.

      If your hack program only returns gobbledy-gook type passwords, how do you go about re-locking the document in such a way that your changes are undetected?

    8. Re:Nothing New by GoofyBoy · · Score: 4, Informative

      >Some sort of odd math that makes more than one password work?

      Really really simple dumbed down of an explination of what could be happening.

      I set the password to "011". Word takes the sum of the digits (0 + 1 + 1 = 2) and stored the result.

      When I want to unlock it Word takes the password I enter and sums the digits and sees if they match with the stored result from step 1. So "011" would work and so would "020" and "110".

      Of course it would be more complex math. Hope this gives you a bit understanding how it could happen.

      --
      The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
    9. Re:Nothing New by pegr · · Score: 2, Insightful

      If your hack program only returns gobbledy-gook type passwords, how do you go about re-locking the document in such a way that your changes are undetected?

      um, if your bruted password gens the same hash, why wouldn't the original (and unknown) password unlock it as well?

    10. Re:Nothing New by goranb · · Score: 1

      You never store a password or use it for encryption. Mostly hash values are used, which means that you need a password that generates the same hash value and your "online"...
      And it is not the same just opening the file, so this is new. Now I can open your protected file, change it, and store it so nobody (not even you) notices... Except for the changed data of course...
      By the time you notice the changed data you might be arrested for fraud or anything else... ;)

    11. Re:Nothing New by b-baggins · · Score: 1, Informative

      Word document password protection has always been a joke. It's total cake to bypass it.

      1. Open a new blank Word document.

      2. Insert the protected document into the new document using the Insert command. You will NOT be asked for the password.

      3. You now have the protected document, complete with formatting, content, etc., but with no password protection as your new document.

      --
      You can tell a great deal about the character of a man by observing those who hate him.
    12. Re:Nothing New by zdislaw · · Score: 1

      The hack program does not replace the original password, it merely generates a gobbledy-gook password that will also allow you to unprotect the document. The original password is still usable.

      --
      bad sig...no donut.
    13. Re:Nothing New by digitalvengeance · · Score: 1

      Thanks to all for clarifications. I'm pretty familiar with hashes - but just assumed the password itself was stored. Moronic logic at its best.

      Now, I still maintain that this is nothing new. Using my commercial cracker, I can still change data, re-protect with my same-hash password, and the original person would never know the difference as their password would unprotect just as well.

      --
      How many roads must a man walk down? 42.
    14. Re:Nothing New by pegr · · Score: 4, Informative

      Word document password protection has always been a joke. It's total cake to bypass it.

      1. Open a new blank Word document.

      2. Insert the protected document into the new document using the Insert command. You will NOT be asked for the password.

      3. You now have the protected document, complete with formatting, content, etc., but with no password protection as your new document.


      Nope, not since Office 98. Since Office 98, password protected docs are truly encrypted. It does indeed ask you for the password when you insert it.

      And I just noticed that, in Office 2003 anyway, you can hit the "Advanced" tab and choose what kind of encryption you want (RSA, etc.), as well as bit length. Pretty cool!

    15. Re:Nothing New by Anonymous Coward · · Score: 0

      The "other" password is the NSA's backdoor. d0h!

    16. Re:Nothing New by Anonymous Coward · · Score: 1, Insightful

      Why would you store the hash of a password in an encrypted file? I can see why you would do that for /authentication/, but not for /encryption/.

    17. Re:Nothing New by Anonymous Coward · · Score: 2, Informative
      (just like Linux doesn't store passwords, but hashes, in /etc/password)

      Just a brief nitpick here, but most Linux systems store password hashes in /etc/shadow, with /etc/passwd holding the rest of the info for the user accounts. Everyone can read /etc/passwd (and needs to, to get user names from UIDs), but only root (and stuff like getty that checks passwords, running as root) can read /etc/shadow. You can set it up to use the old-school style and hold hashes in /etc/passwd, but it's generally frowned upon.

    18. Re:Nothing New by Anonymous Coward · · Score: 0

      Word probably doesn't test the password, but rather tries to decrypt the document using the password you provided. There's no reason to store the hash in the file. Hashes are for authentication, not encryption.

      You can prevent passwords from colliding simply by XORing the contents of the file with the password after the ordinary encryption algorithm (except that "Foo" and "FooFoo" would collide).

    19. Re:Nothing New by spanielrage · · Score: 2, Insightful

      The password is likely stored using a (weak) hash function.

    20. Re:Nothing New by netsharc · · Score: 1

      One tool that does this is the ominous-sounding "Advanced Office Password Recovery", from Elcomsoft. Remember them? Yes that's the company who employed Dmitry Sklyarov, who got arrested under the DMCA for talking about Adobe's lame-ass encryption.. :)

      --
      What time is it/will be over there? Check with my iPhone app!
    21. Re:Nothing New by CompWerks · · Score: 1
      I agree,

      This story is sooo 2003

      --
      If you can read this sig - the bitch fell off.
    22. Re:Nothing New by ayjay29 · · Score: 1

      What's odd: The password returned by my tool of choice is not the same as the one actually stored - but when I enter this new password OR the original password into Word, the document is successfully unprotected. Some sort of odd math that makes more than one password work?

      I think that's 'cause they use a hashing algorithm to store the password. It's usually not possible to get back the password from a hash, you have to brute-force to find a password that generates the same hash. It's also possible that a number of passwords can produce the same hash, if the hash is shorter, the chances of this are greater.

      --
      Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
    23. Re:Nothing New by pegr · · Score: 4, Informative

      OK, replying to your own post is lame, but here are the encryption types available under Word 2003:

      Weak Encryption (XOR)
      Office 97/2000 Compatible
      RC4, Microsoft Base Cryptographic Provider
      RC4, Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
      RC4, Microsoft DH SChannel Cryptographic Provider
      RC4, Microsoft Enhanced Cryptographic Provider v1.0
      RC4, Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
      RC4, Microsoft RSA SChannel Cryptographic Provider
      RC4, Microsoft Strong Cryptographic Provider

      I especially love the XOR encryption! (At least they call it weak...) For the other types, you can spec a bit length between 40 and 128 bits. Now I'm not sure what MS does to "enhance" these encryption types, but there it is, for what it's worth... (I wonder if Whitfield knows his name is contained within MS Word? ;)

    24. Re:Nothing New by Anonymous Coward · · Score: 0

      MOD PARENT UP! Very good explination.

    25. Re:Nothing New by Feyr · · Score: 3, Informative

      this hack doesn't even use brute force. they just found the bytes in the word file where the password is stored.

      zeroing those bytes with a hex editor allows you to modify the document password-free. you then replace the original hex in the bytes you modified to "reactivate" the protection.

    26. Re:Nothing New by LnxAddct · · Score: 1

      What's wrong with good old symmetrical encryption algorithms? No need to store a hash or anything like that. Just encrypt the damn thing and only people who know the password or brute force it can read it. It's a fairly trivial thing to accomplish. I understand that if you wanted two passwords, one for read rights, and one for write rights, then you can run into problems. But seriously this crack is ridiculous. In a worst case scenario, use symmetrical encryption, but just make two copies of it. Yes I'm sure someone can come up with a case where this wouldn't be sensible for a business, but for most purposes this will more than suffice and if you need some other feature, use a third party.

      Regards,

      Steve

      P.S. Does anyone know what method OpenOffice uses to protect its documents?

    27. Re:Nothing New by xkenny13 · · Score: 1

      um, if your bruted password gens the same hash, why wouldn't the original (and unknown) password unlock it as well?

      You are assuming the original and generated passwords are 100% equivalent ... I'm not sure that they are. If the original and generated password can both unlock the file ... does that guarantee that locking the file with the generated password will allow it to be unlocked with the original?

    28. Re:Nothing New by ryen · · Score: 1, Interesting

      >I can see why you would do that for /authentication/, but not for /encryption/.
      .. because this isn't encryption. this is for mom&pops keeping their special docs away from the kids. trouble is, most kids know more than their parents anyways and probably already have this tool to break into the docs.

      there are many other tools that could probably encrypt and secure Word documents just as good, if not better, than using Office to "secure" it half-assly as shown here.

    29. Re:Nothing New by Suppafly · · Score: 2, Informative

      If the original and generated password can both unlock the file ... does that guarantee that locking the file with the generated password will allow it to be unlocked with the original?

      Yes. But that is not what the article is about anyway.
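Added example, not part of any comment in this thread: a constructed toy model of the short-check-value behaviour discussed above by Violet+Null, xkenny13 and Suppafly. The `tag` function (SHA-256 truncated to a chosen width) and the `ProtectedDoc` class are assumptions made for illustration and are not Word's algorithm or file format. It shows that a 16-bit stored value accepts many passwords, that re-protecting with any of them leaves the original password working, and that a 64-bit value yields no match within the same kind of search budget.

```python
import hashlib
import itertools
import string
from typing import Optional, Tuple


def tag(password: str, bits: int) -> int:
    """Toy check value: the top `bits` bits of SHA-256(password)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


class ProtectedDoc:
    """Constructed stand-in for a file that stores only a short check value."""

    def __init__(self, password: str, bits: int) -> None:
        self.bits = bits
        self.stored = tag(password, bits)

    def unprotect(self, attempt: str) -> bool:
        # The verifier never sees the original password, only the stored value.
        return tag(attempt, self.bits) == self.stored

    def reprotect(self, password: str) -> None:
        self.stored = tag(password, self.bits)


def find_equivalent(stored: int, bits: int, exclude: str,
                    max_tries: int) -> Tuple[Optional[str], int]:
    """Enumerate lowercase strings until one maps to `stored`.

    Returns (password, tries) on success or (None, tries) once the
    budget is spent. `exclude` skips the known original password.
    """
    tries = 0
    for length in itertools.count(1):
        for chars in itertools.product(string.ascii_lowercase, repeat=length):
            candidate = "".join(chars)
            if candidate == exclude:
                continue
            tries += 1
            if tag(candidate, bits) == stored:
                return candidate, tries
            if tries >= max_tries:
                return None, tries


def demo() -> dict:
    """Run the 16-bit and 64-bit cases and report what happened."""
    narrow = ProtectedDoc("test", bits=16)
    alt, tries = find_equivalent(narrow.stored, 16, "test", 2_000_000)

    # Both passwords unlock, because both map to the same stored value.
    both_unlock = narrow.unprotect("test") and narrow.unprotect(alt)

    # Re-protecting with the equivalent password writes the same value,
    # so the owner's original password keeps working afterwards.
    before = narrow.stored
    narrow.reprotect(alt)
    unchanged = narrow.stored == before and narrow.unprotect("test")

    # Same search against a 64-bit value: the budget runs out first.
    wide = ProtectedDoc("test", bits=64)
    wide_alt, wide_tries = find_equivalent(wide.stored, 64, "test", 200_000)

    return {
        "alt": alt,
        "tries_16": tries,
        "both_unlock": both_unlock,
        "stored_value_unchanged": unchanged,
        "alt_64": wide_alt,
        "tries_64": wide_tries,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A check value this short only deters accidental edits; detecting a changed document needs a signature or MAC over the content, verified with a key the editor does not hold.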

    30. Re:Nothing New by Anonym0us+Cow+Herd · · Score: 2, Interesting

      The word doc doesn't store the password, but a one-way checksum.

      It is a checksum. But it must not be a very one-way checksum. If they had used a real one-way function, such as MD5, it would not be possible to come up with another value that hashed to the same result. (Well, it might be possible, but who has time to wait longer than the life of the universe.)

      --
      The price of freedom is eternal litigation.
    31. Re:Nothing New by Anonymous Coward · · Score: 0

      (I wonder if Whitfield knows his name is contained within MS Word? ;)

      Considering how Slashdot gets around, He most likely does; now.

    32. Re:Nothing New by drinkypoo · · Score: 1

      Just put the original hash back in place. Can I have my five dollars now?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    33. Re:Nothing New by Anonymous Coward · · Score: 0

      if you can read it you can copy it
      if you can copy it you can edit that copy

    34. Re:Nothing New by lysander · · Score: 1

      The fact that the checksum is one-way has nothing to do with the problem you describe, which is that the size of the resulting checksum is too small to be useful for security purposes. It's easy to brute force, whereas there is no known tractable way to match md5 signatures (i.e. find two keys that hash to the same checksum).

      --
      GET YOUR WEAPONS READY! --DR.LIGHT
    35. Re:Nothing New by jonbryce · · Score: 1

      How well depends on the options you select. The default is 40 bit encryption, which can be brute forced in a few weeks on a reasonably fast computer.

    36. Re:Nothing New by Anonymous Coward · · Score: 0

      Since open source is copying Microsoft as quickly as it can, under the delusion that being a cheap, crappy imitation will help them rule the world... and since OpenOffice aims for MS Office compatibility, I would imagine it uses the same algorithm, if it's implemented the feature.

    37. Re:Nothing New by nolife · · Score: 1

      Where I work, we use DeltaView to compare incoming and outgoing Word documents. People do change documents and that's why we check them. For privacy reasons and legal concerns, we also run most outgoing documents through some metadata cleaners to strip out any document properties that we might not want to be included inside the document.

      --
      Bad boys rape our young girls but Violet gives willingly.
    38. Re:Nothing New by m0rph3us0 · · Score: 1

      "password" protection in word is done exactly this way. This is trying to enforce a read-only permission which is quite difficult without a crypto network.

    39. Re:Nothing New by Anonymous Coward · · Score: 0
      The default is 40 bit encryption, which can be brute forced in a few weeks on a reasonably fast computer.

      Weeks? Try hours on currently available machines.

    40. Re:Nothing New by williamhooper · · Score: 1

      This issue is a little more:

      4. Re-protect document using the same password as original.

    41. Re:Nothing New by molnarcs · · Score: 1

      I wonder how FreeBSD stores passwords. It has an /etc/master.passwd - which is similar to /etc/passwd in linux. However, if you put something manually in it, you have to run a command to 'install' it, which updates a pwd.db file, that seems binary to me.

    42. Re:Nothing New by cayenne8 · · Score: 1
      Gnupg

      pgp

      Are two quick examples of secure encryption for the docs...

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    43. Re:Nothing New by TCM · · Score: 1

      You should never edit /etc/passwd or /etc/master.passwd by hand. Use vipw(8) which also cares about proper locking and rebuilding of the database versions of these files.

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    44. Re:Nothing New by Em+Ellel · · Score: 1

      one-way function does not mean only one source can produce only one result. As long as number of characters/bits in your hash can be less that number of characters/bits in the source, basic arithmetic will tell you that you will always have to have multiple sources producing same results.

      --
      RelevantElephants: A Somatic WebComic...
    45. Re:Nothing New by cayenne8 · · Score: 1

      Yeah...I was amazed at how much you could see in some MS Word documents by running them through the strings command.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    46. Re:Nothing New by saforrest · · Score: 4, Informative

      If they had used a real one-way function, such as MD5, it would not be possible to come up with another value that hashed to the same result.

      Uh, you're confusing two things.

      A one-way function is simply some function which is not one-to-one. For example, consider the length function L which maps words to integers, e.g. L("bob")=3, L("A")=1.

      It's not possible, given an integer n, to find the specific word that mapped to n, simply because there isn't an unique one. This is what makes it one-way.

      The fact that there are multiple possible passwords for this Word document is proof that it is a one-way function.

      What you're talking about is the ease of finding some element of the preimage of a given hash, which is a separate concept. MD5 is good because for some given value, it's really hard to find anything which hashes to that value, not because it's somehow 'more one-way'.

      In fact, the most one-way function of all is a constant function, which is obviously totally useless for authentication.

    47. Re:Nothing New by rifter · · Score: 1, Troll

      Now I'm not sure what MS does to "enhance" these encryption types, but there it is, for what it's worth... (I wonder if Whitfield knows his name is contained within MS Word? ;)

      Probably they have embraced and extended them, rendering them incompatible with other products which use such standards and less secure than they would have been otherwise. :)

    48. Re:Nothing New by goranb · · Score: 1

      Hm... :D
      Ok, I didn't really think of "protecting" the file like that... Oh well... ;)
      I would do it the complicated way. Find the hash in the file, store it, change anything, adjust checksums and stuff... store the original password/hash...
      I think I might have gotten used to passwd/group files too much...

    49. Re:Nothing New by pantycrickets · · Score: 1

      um, if your bruted password gens the same hash, why wouldn't the original (and unknown) password unlock it as well?

      If the passwords were of sufficient length, and encrypted with 128 bit encryption as is an option in newer versions of Word, then this is a moot point.

      This new exploit would be the only thing that would be practically feasible in taking advantage of the scenario created for instance by Dell sending out unmodifiable quotes. In that instance, this exploit becomes very, very bad.

    50. Re:Nothing New by Anonymous Coward · · Score: 0
      MOD PARENT UP! Very good expl ination.
      Exact same, rare spelling error as the post you're asking us to mod up. Hmmm...
    51. Re:Nothing New by Anonymous Coward · · Score: 0

      You know, why is it that the list strikes me as typical microsoft? You can use two absolutely pathetic options, or 7 choices of RC4. God forbid I don't trust RC4...

    52. Re:Nothing New by Anonymous Coward · · Score: 0

      You anal fuck-nozzle, who says you are the world's authority on what the term "one-way function" means? The parent poster made perfect sense - you made up your own definition of one-way function and then used that to slam him! FOAD !!

    53. Re:Nothing New by Zontar+The+Mindless · · Score: 1

      > It's the same thing with md5-passwords on Linux...

      MD5 is available on many platforms, including Windows: http://www.fourmilab.ch/md5/

      So is SHA1.

      --
      Il n'y a pas de Planet B.
    54. Re:Nothing New by FreeTheFurniture! · · Score: 1

      Hey, what happened to SCO's Greek Font Cryptographic Provider?!?

    55. Re:Nothing New by grahamlee · · Score: 1

      Just a brief nitpick here, but I think that most versions of getty actually spawn login, which is what reads the shadow file. But they can only read the shadow file as they have root privileges, there is no "and stuff like...". Just root. You'll note that passwd can no longer be used by normal users if you take away its SUID 0 status.

      You can set it up to use the old-school style and hold hashes in /etc/passwd, but it's generally frowned upon.

      You could set it up to use NetInfo if you had the inclination, though I expect few people do, as you'd probably need to have a couple of Linux machines connected to a NeXT network. People with Linux+Mac have no good reason not to use LDAP or something equally interoperable :-)

    56. Re:Nothing New by grahamlee · · Score: 1

      Use the source, Luke! ;-)
      pwd_mkdb.c, kindly furnished by those nice folks at OpenBSD.

    57. Re:Nothing New by Anonymous Coward · · Score: 0

      Wow, you beg for your post to be modded up??? Or just coincidence that you both pronounce "explanation" incorrectly...

    58. Re:Nothing New by molnarcs · · Score: 1

      Thanks for the tip.. I thought about mergemaster - that amounts almost to manual editing, no? I had to edit master.passwd manually once when I was fortunate enough to get hit by the KUser bug :( I only wanted to add my user to operator group) :(

    59. Re:Nothing New by jrockway · · Score: 1

      Not basic arithmetic, the pigeon-hole principle.

      --
      My other car is first.
    60. Re:Nothing New by Anonym0us+Cow+Herd · · Score: 1

      Uh, you're confusing two things.

      I'm not confused at all.

      I know that multiple inputs to a one way function may generate the same output.

      So then, why the hell is it called a one-way function?

      Answer: because it is infeasible to find one of the other inputs that result in the same output.

      I thought I made this clear in my grandparent post.


      The fact that there are multiple possible passwords for this Word document is proof that it is a one-way function.

      Um, no. I think I just covered the definition of a one-way function.

      I would use CRC-32. Multiple inputs would result in the same output, but it is decidedly NOT a one way function.

      The very fact that someone has a utility to give them alternate passwords means by definition that the function in word is NOT a one way function. Otherwise, it would be infeasible to do exactly what this utility does.


      MD5 is good because for some given value, it's really hard to find anything which hashes to that value, not because it's somehow 'more one-way'.

      MD5 is "more one way" in the sense that it is harder to find an alternate input; using the definition of one way I just gave.

      Even if you strictly consider the binary case of "is" or "is not" function X a one way function, rather than a continuum of one-way-ness, then one is "more positive" than zero. And MD5 is "more one way" than Microsoft Word's function.

      --
      The price of freedom is eternal litigation.
    61. Re:Nothing New by Anonym0us+Cow+Herd · · Score: 1

      If they had used a true one-way function, (definition: infeasible to find an input resulting in certain output), then by definition it would have a larger number of bits in the result.

      Let me restate that, and what is in my original post. If Microsoft had used MD5 (more one way than what they used), of course, it would have a wider output, which is just a characteristic of such a function.

      --
      The price of freedom is eternal litigation.
    62. Re:Nothing New by Em+Ellel · · Score: 1

      I stand corrected.

      --
      RelevantElephants: A Somatic WebComic...
    63. Re:Nothing New by IncohereD · · Score: 1

      What's wrong with good old symmetrical encryption algorithms?

      Because they're talking about SIGNING the documents so they can't be altered, not encrypting them. RTFA.

    64. Re:Nothing New by Anonymous Coward · · Score: 0

      I'm not confused at all.

      Sorry, but yes, you are.

      I know that multiple inputs to a one way function may generate the same output.

      So then, why the hell is it called a one-way function?


      Because it's very difficult to reverse (i.e., to compute the original input knowing the output). The computation is very easy in one direction (one-way) but extremely difficult in the other. Here's a classic example: if you have two large primes, it's trivial to compute their product. But if you only have this product, finding out the factors is very difficult.

      Answer: because it is infeasible to find one of the other inputs that result in the same output.

      Nope, you're confused. A one-way function is exactly what I explained. The requirement that it's also difficult to find another input that hashes to the same output (the function is collision free) defines a subgroup of one way functions, named one-way hash functions, or fingerprint functions. See Bruce Schneier's "Applied Cryptography" 2nd edition, section 2.4 for more detail.

      FWIW, it should be obvious that it's not possible to have collision free hashes when the input is larger than the output. A hash function can be seen as defined on N (the input can be the natural number representing the document in binary form if you want) with values in {0...2^n} where n is the number of bits of your hash (128 for MD5, 160 for SHA1). Since the number of possible inputs is theoretically infinite (and certainly greater than 160 bits) there must necessarily be multiple inputs all hashing to the same output.

      A good hash algorithm makes sure there is no trivial way (faster than brute force) to find another such input. To deal with brute force the most important issue is the length of the output: if the size of your output is n bits, the probability of getting an input that hashes to your output is 2^(n/2) (check Schneier's book for the birthday paradox). That's why for example a 32 bit CRC is lousy as a cryptographic hash/signature.

    65. Re:Nothing New by Bronster · · Score: 2, Informative

      Just a brief nitpick here, but I think that most versions of getty actually spawn login, which is what reads the shadow file. But they can only read the shadow file as they have root privileges, there is no "and stuff like...". Just root. You'll note that passwd can no longer be used by normal users if you take away its SUID 0 status.

      And right back at you. Have you ever actually looked at the file, or are you just talking out of your arse?

      brong@dariat~>ls -la /etc/shadow
      -rw-r----- 1 root shadow 1320 Dec 28 10:51 /etc/shadow

      This is Debian GNU/Linux - but I remember similar things on BSD and other U*IX like OSen that I've used. Shadow group is a concept that's not exactly new, and it means that tools which only read, and should never write, the password file can be partitioned off where they can't do much damage.

      Slashdot does need a 'full of shit' moderation.

      The 'passwd' command on the other hand needs to write the password file, and hence needs root privs.

      Oh, and a good reason not to use LDAP (and I speak from experience here) is that it leads to single points of failure. We've switched to using centrally managed /etc/passwd and /etc/shadow synchronised out to all machines by the configuration management tools. Far fewer messy failure modes.

      If you want to come up with an OS where there isn't a shadow group for /etc/shadow, feel free - but I haven't seen it anywhere I've had to care.

    66. Re:Nothing New by EvilTwinSkippy · · Score: 1
      Having baked my noodle on cryptology classes during my ill-fated time as an Electrical Engineering student, I would also like to point out that most of the science is based on theorems that are unproven.

      There is nothing to say the next week some kid in Norway can't figure out a simple way to bypass the brute force math on public-key encryption using a new technique.

      Computer encryption today is like the enigma machine in WWII. In 1930, a mechanical cipher was almost unbreakable. Today I can model all of its functions on a graphing calculator available at Staples, and probably have a cipher worked out in a matter of weeks.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    67. Re:Nothing New by Jeagoss · · Score: 1

      Gnupg is an implementation of pgp. So your two examples are the same thing. Don't mean to be nit picky, but, I just couldn't help it.

      --
      Password Authentication Bypassed for Root
    68. Re:Nothing New by Basehart · · Score: 1

      What's wrong with good old symmetrical encryption algorithms?

      What's wrong with good old fashioned honesty? If people weren't so fucking nosey and crooked we wouldn't need encryption, passwords and crap!

    69. Re:Nothing New by pegr · · Score: 1

      I understand that if you wanted two passwords, one for read rights, and one for write rights, then you can run into problems.

      Just an insurmountable problem (so no problem, right?). Remember what Bruce sez, if you can read it, you can write it.

    70. Re:Nothing New by Anonymous Coward · · Score: 0

      Really really simple dumbed down of an explination of what could be happening.

      Really really dumbed down explanation of your spelling would also be good :)

    71. Re:Nothing New by condensate · · Score: 1

      Well I'm not a native English speaking person, so I quite do not know how the thing you refer to as a one-way function would be called properly in math. I already read the term injective, which is precisely what the parent of your reply pointed out. Think about the square function: 4 can be the result of both -2^2 and 2^2, therefore, within a field of definition that goes below zero, it is "one-way" but the original values can be reconstructed by a bit of brainpower... Given the string test, L('test') results in 4, but so does L('blah'). Therefore the proof for a function to be injective is given by simply finding two different elements that give the same output... which your parent points out quite correctly.

      --
      Black holes were created when god tried to divide by zero
    72. Re:Nothing New by Anonymous Coward · · Score: 0

      Well, it may brute-force it, but a better (i.e faster) way to find an appropriate pass-phrase is to use a genetic algorithm, with the `win condition' or `genetic superiority' condition being to search for groups of characters that are most likely to appear in a document (such as words and control characters).

    73. Re:Nothing New by Insipid+Trunculance · · Score: 1

      Office documents use a check sum approach to passwords, so one doesn't need the original password to unlock the document; so long as any password generates the same check sum, it will do.

      Not a very good approach to security, but I am the last one to complain.

      --
      Wanted : A Signature.
    74. Re:Nothing New by mpe · · Score: 1

      What's odd: The password returned by my tool of choice is not the same as the one actually stored - but when I enter this new password OR the original password into Word, the document is successfully unprotected. Some sort of odd math that makes more than one password work?

      It's quite simple: what is stored in the document is the result of a many-to-one function.

    75. Re:Nothing New by ajr_trm · · Score: 1

      Let me restate that, and what is in my original post. If Microsoft had used MD5 (more one way than what they used), of course, it would have a wider output, which is just a characteristic of such a function.

      It really doesn't matter what hash had been used. If you can spot the place where the hash of a password is stored you can check the value of the hash for an empty password and then replace the hash in the protected document.
      IMHO the right way to protect a document from unauthorized changes is to compute the hash for the document content, encrypt the value of the hash with the password and then attach such encrypted value to the document.

    76. Re:Nothing New by ajr_trm · · Score: 1

      Remember what Bruce sez, if you can read it, you can write it.

      You can attach encrypted checksum to it. To change document someone would have to know your password to encrypt new checksum.
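The scheme ajr_trm describes in comments 75 and 76, set beside the content-independent verifier the thread criticises, as an added example that is not part of any comment here and is not Microsoft's code. It swaps in HMAC-SHA256 keyed through PBKDF2 for "encrypting a hash"; the dict document model, the function names, the round count and the sample quote text are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor, slows offline password guessing


def weak_protect(content: bytes, password: str) -> dict:
    """Content-independent verifier: a short value derived from the password
    alone is stored inside the document (stand-in hash, not Word's)."""
    verifier = hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]
    return {"content": content, "verifier": verifier}


def weak_check(doc: dict, password: str) -> bool:
    """Answers only 'does this password match?', never 'was the text changed?'."""
    expected = hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]
    return hmac.compare_digest(doc.get("verifier", ""), expected)


def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def seal(content: bytes, password: str) -> dict:
    """Attach a tag computed over the content with a password-derived key."""
    salt = os.urandom(16)
    tag = hmac.new(_derive_key(password, salt), content, hashlib.sha256).digest()
    return {"content": content, "salt": salt, "tag": tag}


def verify(doc: dict, password: str) -> bool:
    """True only if the content is byte-for-byte what was sealed with this password.
    A document whose salt or tag has been stripped fails verification."""
    salt, tag = doc.get("salt"), doc.get("tag")
    if not salt or not tag:
        return False
    expected = hmac.new(_derive_key(password, salt), doc["content"], hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def demo() -> dict:
    # Constructed sample data: a price quote and an edited copy of it.
    quote = b"Quote #0001: Latitude laptop, 1 unit, $1,299.00"
    edited = b"Quote #0001: Latitude laptop, 1 unit, $6.35"

    weak = weak_protect(quote, "test")
    weak_edited = dict(weak, content=edited)      # verifier field left as it was

    sealed = seal(quote, "test")
    sealed_edited = dict(sealed, content=edited)  # tag left as it was
    sealed_stripped = {"content": edited}         # tag removed altogether

    return {
        "weak_original": weak_check(weak, "test"),
        "weak_edited": weak_check(weak_edited, "test"),
        "sealed_original": verify(sealed, "test"),
        "sealed_edited": verify(sealed_edited, "test"),
        "sealed_stripped": verify(sealed_stripped, "test"),
        "sealed_wrong_password": verify(sealed, "guess"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {ok}")
```

The tag detects changes for whoever holds the password; as pegr notes further down, it does nothing to stop reading or copying.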

    77. Re:Nothing New by grahamlee · · Score: 1

      Umm...yes I have...
      leeg@rayleigh:~>ls -l /etc/shadow
      -r-------- 1 root sys 33530 Dec 11 02:13 /etc/shadow
      That's on a Slowlaris box but then this is on a Linux/x86 box:
      leeg@heisenberg:~> ls -l /etc/shadow
      -r-------- 1 root wheel 474 Nov 17 21:43 /etc/shadow

      Slashdot does need a 'full of shit' moderation.

      Unfortunately it would just be used by people who think that one data point means that they are correct and the rest of the world is wrong. It would also be used by people who were themselves talking out of their arses.

      I remember similar things on BSD

      The BSDs I've used have either had the binary pwd database or have used NetInfo or LDAP - or in the case of a SunOS 4 box over in the corner of the room doesn't have shadowed passwords. Which BSD have you seen with an /etc/shadow file? There is /etc/master.passwd, but then:
      newton:~ leeg$ ls -l /etc/master.passwd
      -rw------- 1 root wheel 1259 12 Sep 21:41 /etc/master.passwd
      Hmmm...that doesn't have a shadow group either.

      Oh, and a good reason not to use LDAP (and I speak from experience here) is that it leads to single points of failure.

      If you only have one LDAP server then that would be the case I suppose.

    78. Re:Nothing New by Snaller · · Score: 1

      Subsequent testing reveals that the original password will also unprotect the document.


      Given that it's a Microsoft product, this surprised you greatly?

      --
      If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
    79. Re:Nothing New by Snaller · · Score: 1

      OK, replying to your own post is lame, but here are the encryption types available under Word 2003:

      Not being able to edit your post is lame, but that's slashdot for you.

      --
      If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
    80. Re:Nothing New by johnnyb · · Score: 1

      " If they had used a true one-way function, (definition: infeasible to find an input resulting in certain output)"

      Is that the real definition of a one-way function? I thought it was simply that X -> Y, but that you could not necessarily find your way back to X based just on Y. For example f(x) = 1 would be a one-way function, since everything maps to 1. I'm not sure about this, would someone like to point to a URL with more definitive information?

    81. Re:Nothing New by Anonym0us+Cow+Herd · · Score: 1

      The book Applied Cryptography does address much of this.

      PKI is based on the premise that it is not feasible to factor sufficiently large numbers which are the product of two very large primes. Mathematicians could come up with a breakthrough. There have been several optimizations in the last couple decades (mentioned in the book). Nonetheless, it is believed that this problem is still a "hard" problem.

      The book also addresses the question of guessing how much computer power there will be in the future. The text is very interesting in this part. It then goes on to address the question from a different perspective, thermodynamics. Given the minimum number of ergs of energy to represent a bit state change in a hypothetical ideal computing system, and the minimum sizes, how big and how much energy would be required to mount attacks on key lengths of various sizes. Even if you had such an efficient system, and built it as a Dyson sphere around a star, capturing all of the energy, you would not be able to attack keys usable today that are over a certain length.

      Conclusion: with sufficiently long keys, in use today, your major concern would be a mathematical breakthrough that dramatically reduces the work from a brute force attack to an attack on a more limited keyspace.

      --
      The price of freedom is eternal litigation.
    82. Re:Nothing New by Anonym0us+Cow+Herd · · Score: 1

      >>So then, why the hell is it called a one-way function?
      >Because it's very difficult to reverse


      Isn't that what I just said?

      I'm not confused.

      Check the definition of a one way function. Not the definition you are using.

      --
      The price of freedom is eternal litigation.
    83. Re:Nothing New by hawkestein · · Score: 1

      one-way function != non-invertible functions. A function f is one-way if, given f and a value Y, it's *really hard* to find an X such that f(X)=Y. (Where *really hard* means that the probability of guessing a valid X decays exponentially with the number of bits).

      --
      -- Will quantum computers run imaginary-time operating systems?
    84. Re:Nothing New by saforrest · · Score: 1

      Uh, you're confusing two things.

      As others pointed out, I was the one who was confused here.

      I interpreted "one-way" to mean non-injective, whereas in cryptography it has a perfectly established and well-defined meaning of 'difficult to invert'.

      So, sorry to the person I corrected, and ignore the claims made in the parent of this message.

    85. Re:Nothing New by bradkittenbrink · · Score: 1

      As others pointed out, I was the one who was confused here.

      funny how none of the moderators noticed this, well done fellow karma whore!

    86. Re:Nothing New by pegr · · Score: 1

      You can attach encrypted checksum to it. To change document someone would have to know your password to encrypt new checksum.

      You know, I shouldn't even respond, but since you're not AC, I will...

      Do not confuse authentication with defeating DRM. I said, if you can read it, you can copy it. (Actually, I said Bruce said. For reference, I recommend "Applied Cryptography" by Bruce Schneier. He's the Bruce I'm referring to. Good stuff!)

      Now then, how does your checksum scheme defeat copying? Do you think anyone who copies the "uncopyable" cares? Or, if authentication is your issue, would you like to discuss the many ways authentication can be attacked? (For several ideas, read Bruce's book!)

    87. Re:Nothing New by Anonymous Coward · · Score: 0

      +1 Nit Picky

    88. Re:Nothing New by pegr · · Score: 1

      If the passwords were of sufficient length, and encrypted with 128 bit encryption as is an option in newer versions of Word, then this is a moot point.

      If your password contains more than 128 bits of entropy, then your 128 bit key has less entropy than your password. This implies more than one password could generate the same key (a.k.a. a hash collision). Nothing moot about that!

      On the other hand, I believe the spec is about 1.8 bits of entropy per character for passwords, so to exceed 128 bits of entropy, you'd have to use >64 characters in the password, a rare occurrence in practice.

      The difference between theory and practice? Well, in theory, there is no difference...

  3. An insecure Microsoft application?! by Anonymous Coward · · Score: 3, Funny

    Is this a dupe? I could swear I've read this one before.

  4. As we already know.... by overbyj · · Score: 0, Funny

    it is not a problem, it is a feature!

    --
    No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
    1. Re:As we already know.... by Anonymous Coward · · Score: 0

      Status: This behaviour is by design.

  5. Oh, this bodes well. by The+I+Shing · · Score: 0, Flamebait

    There'll be a patch for this coming sometime this year, I'm sure. Maybe by March.

    I wonder if Microsoft was warned about this before this information was posted.

    --
    You are in error. No-one is screaming. Thank you for your cooperation.
    1. Re:Oh, this bodes well. by Anonymous Coward · · Score: 0

      Yes, the patch is called Paladdin (DRM) and you will now never have a real choice ever again.

    2. Re:Oh, this bodes well. by zdislaw · · Score: 5, Informative
      I wondered exactly the same thing. For about three seconds. Then I RTFA.

      2003-11-27, 10:30 UTC Microsoft notified to: secure microsoft com

      2003-11-27 confirmed receipt from: secure microsoft com

      2003-12-03 Note from Microsoft, Form protection "is not intended as a full-proof protection for tampering or spoofing, this is merely a functionality to prevent accidental changes of a document", request additional time to update Microsoft Knowledge Base article.
      Targeting beginning of January 2004 for release of this advisory.
      from: "Magnus"

      2003-12-08 Microsoft has already released the KB article (or added a warning to an existing article). Read the KB article at http://support.microsoft.com/?id=822924
      from: "Magnus"

      --
      bad sig...no donut.
  6. RTFA... It's hilarious by h4rm0ny · · Score: 5, Informative

    According to Microsoft, the password protection feature on Word is not intended to be secure, but should be regarded as a means to protect documents against accidental modification. I use Word and don't ever recall being advised of this, but then I suppose the EULA does warn users never to actually rely on the software for anything important.

    I never expected the protection in Word to be anything special, but sometimes (as shown here by Dell) it's better to have no security than false security because that way you take greater care.

    But for those of you who never RTA, here is what was the highlight for me:
    1.) Open a protected document in MS Word
    2.) Save as "Web Page (*.htm; *.html)", close Word
    3.) Open html-document in any Text-Editor
    4.) Search "" tag, the line reads something like that: ABCDEF01

    --

    Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    1. Re:RTFA... It's hilarious by dfeist · · Score: 1

      But you have to remember that there is no way to implement that feature in a secure way - if you can read something on a medium writable for you, you can change it! So everyone who can think should know that this can not be secure.
      (there is the possibility of signing the document (public key), which does not protect against changes but at least you can prove/know that it's been changed. But that's clearly another thing)

      --
      Unix makes easy tasks hard and hard tasks possible. Windows makes easy tasks easy and hard tasks $29.95.
    2. Re:RTFA... It's hilarious by (eternal_software) · · Score: 0, Informative

      Uhhh.. what about the rest of it? You then have to take that tag, open up a hex editor, reverse it, find the bytes, and null them out.

      I mean, it's not rocket science, but that was some creative editing on your part to make it look ridiculously easy.

    3. Re:RTFA... It's hilarious by Kevin+Stevens · · Score: 5, Insightful

      The locks on these files are very similar to locks found on standard filing cabinets. They are there to prevent tampering, keeping people out of places they really shouldn't be: sensitive, but not absolutely secret stuff. Secure they are not. I have used these things before, and I can tell you, it's pretty clear they are not using any heavy duty security. I do not see how anyone intelligent could really see them as otherwise. You don't have to read a EULA to realize there is no watermarking, no digital signature, no complex scheme of any sort behind it. I put last year's tax records in a filing cabinet, but I wouldn't keep the deed to my house or the account number to my secret account in the Caymans in there, I would buy a safe. Same concept here.

    4. Re:RTFA... It's hilarious by h4rm0ny · · Score: 1

      I mean, it's not rocket science, but that was some creative editing on your part to make it look ridiculously easy.

      Fair comment, but I'm a C++ programmer, written device drivers, that sort of thing, so I suppose it does look pretty silly to me but may not to others. What I was getting at really is that it's not clear to most people that it isn't secure. If a big company like Dell makes that mistake then I'm sure others will too.

      By the way, I didn't intend my editing to be quite that creative - darn slashdot ate the rest of my comment as soon as it saw a HTML tag.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    5. Re:RTFA... It's hilarious by ChristTrekker · · Score: 1

      That's right. If the illusion of security is good enough for the Department of Homeland Security, it ought to be good enough for Microsoft! Who needs real security?

    6. Re:RTFA... It's hilarious by Skater · · Score: 4, Insightful

      Reminds me of an electrician I knew that always worked on wires live. That way, he claimed, he was certain to be careful.

      He was pretty old, too, so I guess it worked...

      --RJ

    7. Re:RTFA... It's hilarious by tundog · · Score: 1

      4.) Search "" tag, the line reads something like that: ABCDEF01


      ABCDEF01? That's the same combination I have on my luggage!

      --
      All your base are belong to us!
    8. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      >>I do not see how anyone intelligent could really see them as otherwise.

      There's something even far worse than the msword-weak-password problem.

      It's people generalizing the population at large. The parent poster thinks that because HE can determine that MS security isn't...That everyone else is able to as well.

      Can you imagine him as a sysadmin? He assumes that his 10,000 users are intelligent enough to know better than to take Microsoft's security at face value.

      I can see it now, Kevin is reporting to the CEO: "well the users _should_ know better than to trust Microsoft security!" (after company secrets were lost by a clueless secretary)

      Yeah right. That'll fly.

      Someone mod parent into the ground please.

      Insightful = You've considered more than one viewpoint or possibility.

    9. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      Yeah...Kevo is one of those MS apologists. Why they hang around /. I'll never know.

    10. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      Not to mention it's just common sense.

      Users, god bless them, are just plain fucking stupid.

      And this Kevin dumbass thinks that "people should know better".

      That's just plain wrong. Users DON'T know. And if Microsoft has software that says "password protection", then because of all the hype (have you seen those goofy MS Office commercials lately?!), and status quo, users take that as gospel.

      Kevo needs to pull head from arse.

    11. Re:RTFA... It's hilarious by ErrorBase · · Score: 1

      Pretty old is a relative term. In this case 25 is pretty old :-)

    12. Re:RTFA... It's hilarious by hikerhat · · Score: 3, Interesting
      The difference between computer security and meat space security is cost. A good physical lock costs much more than a lock on a standard file cabinet. We simply can't afford to put all our physical documents in safes. It is also obvious to most people that a flimsy file cabinet is much less secure than a safe.

      Computer security costs the same if you use some lame hack like MS is doing, or use real cryptography. The cost is nothing. Cryptography algorithms are freely available, and modern processors can handle the encryption without serious inconvenience to the user.

      And it is not obvious from looking at the interface to a program how secure it is. You enter a password either way. Most people, for better or worse, have an innate trust in computers and other people. If they have to enter a password they assume their data is secure. Programmers know that. If you supply software that asks for a password and you have no real security behind it you are committing fraud, if not by a legal definition then certainly by an ethical definition. Personally I believe developers should be required by law to provide scientifically sound security in any application that prompts a user for a password.

      I'll even bite on your little "most intelligent people" bit of trolling. Most intelligent people don't know what watermarking or digital signatures are, and it is not at all clear what application is secure and what is not. Most intelligent people have better things to do than dink around on computers and read about computer security. They hire people to do that for them or buy software that appears to do that for them. Unfortunately in this case the people they hired are lying scumbags and they purchased software from lying scumbags.

    13. Re:RTFA... It's hilarious by sql*kitten · · Score: 1

      Computer security costs the same if you use some lame hack like MS is doing, or use real cryptography. The cost is nothing. Cryptography algorithms are freely available, and modern processors can handle the encryption without serious inconvenience to the user.

      Word passwords are deliberately weak. They are designed such that if you forget the password, all is not lost. Average consumers with industrial grade crypto would be a support nightmare - if you forget your bank PIN, you can get a new one, if you lost the passphrase for a PGP-style secret key, your document is as good as shredded. A serious user would use EFS or PGPdisk or something.

    14. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      Wow. Seriously.
      Wow.

    15. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      In this case the password isn't being cracked, it's completely bypassed.

      Microsoft's hash being weak or strong is irrelevant, it's their implementation that's stupid.

      1. save document as html & search for string
      2. open original doc in hex editor & replace string value.
      3. edit file, & replace hex values & you're done.

      Your comment would be relevant if Microsoft's hashes were being brute forced.

    16. Re:RTFA... It's hilarious by fermion · · Score: 1
      This is a point I have been pushing of late. Most security, and anything that MS has or has announced, is not effective against the purposeful attacker. The password in MS Word has been broken for ages. Any DRM they implement is going to be broken pretty quickly. It will not prevent a motivated office worker or kiddie from doing what they want with the content. It may provide tracking of the activity, but the motivated person can and will use such tracking to target innocent parties.

      As has been mentioned, the usefulness is to protect the innocent. Such technology can and should be used to ensure the innocent office worker cannot do damage to data and standard forms during the normal duty cycle. Such technology can and should be used to ensure that sensitive information, like edits and internal company information, are redacted prior to their public release. And, of course, it is perfectly reasonable to mark internal emails as internal to prevent accidental distribution.

      Of course, MS et al is so intent on making DRM a tool for the distributor of content, rather than a mechanism to protect the innocent, that its product allows the regular release of sensitive and private information.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    17. Re:RTFA... It's hilarious by Kevin+Stevens · · Score: 1

      I am not an apologist, and not a fan of MS's policies, but I believe slashdot is way too anti-MS. /.'ers will rip MS to shreds over anything, but just kind of look the other way when it happens to linux. You never see articles stating "blahblahblah company considering using windows" articles, but it seems like anytime any entity of more than a few hundred people is even considering changing from windows, it's right there on the front page. I believe it's the "MS always evil. Linux/OSS do no wrong" attitude that is so fervently defended that is going to keep linux/OSS in a niche and out of the mainstream. There are some out there who just believe so firmly in the linux/OSS ideology that their promotion seems to become the goal, when presumably at one point it was benefitting all computer users through linux/OSS that was the goal. And these guys scream bloody murder at every opportunity against MS, no matter how minor the infraction, or how generally accepted a business practice is. And hence they make themselves and by relation linux/OSS look stupid. They call MS programmers idiots, complain about OSS not being widely adopted but then call the users idiots when you tell them most OSS software is too difficult for an average user to use, and have no problem telling an utterly confused newbie to RTFM when they boot up linux for the first time and can't figure out why they can't just run programs (IE why . isn't in their path). Presumably these are the same people who when you have a different opinion than them, don't make a rational, calm, convincing argument as a reply, but rather sit there and call you an F'ing idiot for not seeing their apparently self-evident 100% correct point of view. They just lose touch with reality, and end up alienating a lot of people.
      And so, when I see such opinions being flung about, I try to counteract them with a much more toned down viewpoint, one that suggests maybe, just MAYBE, there might be another side to the story, and that it's not completely MS BAD, Linux/OSS GOOD!!, and that mistakes happen, people have bad days and aren't necessarily idiots because they forgot to shut port whatever off or use the preview pane in outlook. And that's my story on that. If that makes me an apologist, then so be it.

    18. Re:RTFA... It's hilarious by fishbowl · · Score: 1

      While it's not easy to put a highly secure lock on a file cabinet, it would have been extremely easy to put truly effective digital security on the document signature in Word. Instead of doing the easiest thing in the world, say incorporating a generally accepted crypto mechanism in the product, they decided to put a facade that represents an illusion of security. Why did they even bother?

      --
      -fb Everything not expressly forbidden is now mandatory.
    19. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      You take this site waaaay too seriously.

    20. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      This site takes itself way too seriously. But then, it is part of the OSDN's propaganda war.

    21. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      Holy crap.

      Listen, I realize you're basically a conspiracy nutjob, but if you want to make the world accept you seriously you're going to need to make your rants seem less like rants.

      Break your rants up into paragraphs, it makes them easier to digest and generally lends an air of credibility to your otherwise insane ramblings.

      Just trying to help, please don't mail a bomb to me.

    22. Re:RTFA... It's hilarious by Anonymous Coward · · Score: 0

      Are EFS's really that secure? I was under the impression that the entire FS could be accessed using any one of a variety of utilities, downloadable from the web.

    23. Re:RTFA... It's hilarious by cynicalmoose · · Score: 1

      I'll object to a legal requirement to prove that the passwords a program supplies are secure. It isn't the programmers' responsibility to know what level of protection users expect, especially if he puts something in (as in the EULA), about not relying on the software.

      --
      Exercise your right not to vote. thinkoutside.org
    24. Re:RTFA... It's hilarious by balster+neb · · Score: 1

      What was meant:

      4.) Search "<w:UnprotectPassword>" tag, the line reads something like that: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>

    25. Re:RTFA... It's hilarious by z01d · · Score: 1

      Word passwords are deliberately weak. They are designed such that if you forget the password, all is not lost.

      Then, tell me, what will be lost if MS uses a one-way hash or something more secure to protect the "Change Track"?

      The original author can always copy the content to the clipboard and then create a new document; anyway, s/he is the author.

      Your comment would be relevant if we were talking about "open" or "read" or "print".

  7. What do you mean, that's too cheap? by Trillan · · Score: 5, Funny

    I swear, you guys gave me a quote of $6.35 for a new Latitude.

    1. Re:What do you mean, that's too cheap? by Anonymous Coward · · Score: 0

      This is a silly argument. There are several copies of the original document on the senders end. They probably printed it out, it's in their sent mail, etc, etc.

    2. Re:What do you mean, that's too cheap? by Anonymous Coward · · Score: 0

      It's a joke. Laugh.

    3. Re:What do you mean, that's too cheap? by Trillan · · Score: 0

      Although someone, somewhere has probably tried it...

    4. Re:What do you mean, that's too cheap? by Anonymous Coward · · Score: 0

      Another reason why preliminary schools should introduce "sense of humor" in their course.

  8. Other Variants by skroz · · Score: 4, Interesting

    If I recall, openoffice/staroffice can open "encrypted" Word and Excel documents without the requirement of a password. I know this used to work for older versions...

    --
    -- Minds are like parachutes... they work best when open.
    1. Re:Other Variants by setzman · · Score: 1

      I don't think that's what this particular password was intended for. The article says that this particular hack is for unprotecting documents. It doesn't say that it will unencrypt a document.

      --
      C:\>
    2. Re:Other Variants by pegr · · Score: 3, Informative

      If I recall, openoffice/staroffice can open "encrypted" Word and Excel documents without the requirement of a password. I know this used to work for older versions...

      Not since Office 98...

    3. Re:Other Variants by gnu-generation-one · · Score: 1

      "If I recall, openoffice/staroffice can open "encrypted" Word and Excel documents without the requirement of a password. I know this used to work for older versions..."

      OpenOffice website says that they choose not to do this for "legal reasons". They don't mention any technical problems with the idea.

  9. DCMA Violation by N8F8 · · Score: 0, Troll

    Wanna bet?

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
    1. Re:DCMA Violation by incast · · Score: 1

      if you're going to get all legal-paranoid, at least spell it (DMCA) right...

    2. Re:DCMA Violation by rolocroz · · Score: 1

      No, but perhaps a DMCA violation...

      --

      I meta-mod all positive moderation Unfair, because it's abuse of the system.

  10. No biggie by ultrabot · · Score: 0, Offtopic

    Anyone that passes around "confidential" stuff w/o putting it through GPG or equivalent is an idiot and deserves to be burned anyway.

    --
    Save your wrists today - switch to Dvorak
    1. Re:No biggie by Anonymous Coward · · Score: 0

      Hardware encryption is where it's at, baby. I'm a government employee in a top-secret level facility. All our workstations are running specially-developed in-house versions of TurboLinux with extremely hardened security and proprietary ethernet cards with 1024-bit encryption chips on-board. Every single packet gets encrypted before it leaves the plug, and decrypted by the card on the other end. In cases where the traffic is outbound to the Internet, a main proxy server will decode it. It's way cool, except I think the board in my machine is going bad, occasionally my Internet traffic gets corrupted hDIhj48j*3hj3c%@49CC*(2394jC(294jXapoasj983jFDPOIo pj3rw89unC*ufhj4389p u348jF #(*R0u348jcksdj398 #E54654seF4g6zYIPhkl5644h EAFOIjc939bvj Slashdot posts get all weird and hard to Feh834854nA iop4539jA oEui39&(*@#&%$j i43u Juwe49u4 *()jh489 talk to the sysadmin about #$*(56j 9gfj(*$u5ti W$6589 STE93ujf AU%$890jpioSTj349 JFV(49j OIERui496tjf9 donkey sex! LOL.

    2. Re:No biggie by Anonymous Coward · · Score: 1, Insightful

      So Dell, a huge corporation with hundreds of thousands of people working for it decided to adopt a method of sending information that qualifies this entire corporation to be labeled as an idiot and should be burned according to you?

      Look, shrink wrapped software like MS Word is notorious for coming to the verge of lying to the end user just so they can increase sales. Shrink wrapped software, software designed for large (enormous) client bases for a wide array of hardware profiles is only about shoveling crap down people's throats. MS should have, any software company, should have placed a big fat notice stating that this is not a system that should be used to protect your data if you choose to send it off the current machine. It is no better/worse than flagging the file read only for a select number of users. But instead of saying that they probably hid it in the EULA or some other obscure document and chose to probably put in big bold print on the box or thanks to Mr. Clippy that you can do such a thing to protect your document from being modified.

      No there is no excuse for this...the only excuse MS or any company that does this sort of thing is the excuse that they are greedy and interested in only selling features that are worthless to the end user. The same idea could be brought over to bind. There is no excuse for the horrible flaws it has seen...simply laying blame of a root attack on a system to the fault of the sys admin is stupid. This is the reason why software will always remain buggy and hardly reaching the goals they aimed to achieve. We are all too overly concerned about implementing new ways of raking in more mula (DRM) and being bed buddies with other companies instead of cranking out secure systems (TCPA), bug free systems (grsecurity) like the consumer has wanted for a long time now.

  11. Isn't the whole concept flawed? by Brad+Mace · · Score: 1

    How could password to modify work? Couldn't you just use something like OpenOffice (maybe modified) to get around it? Their scheme seems to assume everyone will play nice and respect their password setting.

  12. No messy Dell battle by MikeXpop · · Score: 4, Insightful
    This hack allows someone to download such a file, edit it, and restore the password...effectively allowing changes to the file to go potentially unnoticed.
    Basically meaning the submitter's comments about Dell are wrong, as Dell wouldn't use that kind of protection.

    Come to think of it, I can't think of a real position where this could be a problem. What would someone do, host protected .doc's on a public server, and hope no one hacks into the server putting back the password-modified .doc? Anyone have a real world example?
    --
    Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
    1. Re:No messy Dell battle by vasqzr · · Score: 5, Informative


      Come to think of it, I can't think of a real position where this could be a problem. What would someone do, host protected .doc's on a public server, and hope no one hacks into the server putting back the password-modified .doc? Anyone have a real world example?

      You've obviously never been in the real world.

      To someone like you or I, Word is simply a word processing program. But, to office workers across the country....

      Here's a list of things I've seen people use MS Word for:

      Spreadsheet. Hit tab, enter a value, add them up by hand. Excel is 'too confusing'

      Creating GIANT tables and using them for inventory, rather than an Access database

      Creating a 3,000 page document and keeping time/attendance records for ~ 250 employees. And wonder why it takes 10 minutes to load, and 10 minutes to save, doesn't scroll right....

    2. Re:No messy Dell battle by DomCurtis187 · · Score: 0

      ummm... i fail to follow your logic.

      say mr. l33t hax0r gets a password-protected DOC with a $999 quote from dell. mr. hax0r uses this hack and edits the file, knocking $300 off the quote. file gets saved, password's still there, and claims that dell should sell him a computer at $699 because the "secure" quote says so.

    3. Re:No messy Dell battle by Sp4rtikuz · · Score: 1

      The problem would be, someone changes their quote, and claims Dell said in their "password protected file" that they would sell them a PowerEdge 400 sc for 159.99, for instance.

    4. Re:No messy Dell battle by Geccoman · · Score: 2, Funny

      MS Word is what you make web pages with, right?

      Right...?

      --
      I'm on a chair.
    5. Re:No messy Dell battle by cdf123 · · Score: 1
      The messy Dell battle would be fought on two fronts.

      User vs Dell: The user can claim that Dell offered to sell something at a lower cost than the original document details.

      Dell vs User: If there were special agreements on the purchase order/contract, Dell could change the original and claim that the User's copy was hacked and modified and therefore not a binding agreement.

      Not to point the finger at Dell or anything, but I can think of a few companies that could and would take advantage of this flaw.

      If you want security, trust encryption/pgp-gpg/md5sum/etc, don't trust any system where the "key to the vault" is taped to the side of the door during transit.

    6. Re:No messy Dell battle by cloudmaster · · Score: 1

      You forgot "archive images in a format suitable for email". Yes. I've received a set of images via email, more than once, wherein the client thought "you know what would be better than multiple attachments or zip or stuffit or something like that? Putting all of the images into a word doc created by the very latest version of word, without bothering to save in a backward-compatible format." Or, they were thinking something like that...

      Argh.

    7. Re:No messy Dell battle by Sloppy · · Score: 1
      Well, mr. hax0r can claim that all he wants to, but still wouldn't actually have any evidence to back up his claim. I can write:
      I, DomCurtis187, offer to sell a dual G5 PowerMac to Sloppy for $99.
      on a piece of paper and then say, "Here's my $99, where's my PowerMac?" but you're not going to be dumb enough to give me the machine, are you? And if I sue you over it, the judge/jury is going to want proof that you actually wrote that note instead of me. And I won't have any. How would Dell's situation be any different?
      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    8. Re:No messy Dell battle by Smedrick · · Score: 1

      Consider yourself lucky. I usually get them in powerpoint slides...even if it's just one image.

      --
      "I strongly urge both the faint of heart and the faint of butt to leave the room at this time."
      - Strong Bad
    9. Re:No messy Dell battle by Anonymous Coward · · Score: 1, Insightful

      I receive my Dell quotes as an html attachment, with a quote reference number which is also available via their web site. So I think this whole Dell conspiracy thing is a dead subject.

      int27h

    10. Re:No messy Dell battle by binarytoaster · · Score: 1

      And invariably they use Powerpoint as Photoshop, too. I've seen multi-MB .ppts because they couldn't be bothered to save as jpg...

    11. Re:No messy Dell battle by BurritoWarrior · · Score: 1

      Um, you don't download it, Dell sends it to you, with the quote information/pricing in unmodifiable fields so that companies can't tamper with it/change the pricing.

      While I don't think it is much of a concern, imagine what happens when things get automated the way MS wants and XML enabled services enable the exchange of the document, digitally signed via MS Passport, to constitute the agreement between the two. Edit your pricing, sign it with Passport, send it back to Dell, automatically processed, get 10% off without anyone blinking.

    12. Re:No messy Dell battle by Planesdragon · · Score: 1

      To someone like you or I, Word is simply a word processing program.

      Not really. Word is, depending on your perspective, a "very valuable tool" or an "over-bloated word processor."

      Spreadsheet. Hit tab, enter a value, add them up by hand. Excel is 'too confusing'

      Word can also add up said table for you. If you just need REALLY simple numbers, Word can work as a spreadsheet.

      Creating GIANT tables and using them for inventory, rather than an Access database

      Access works on a wholly different paradigm than Word. For a small enough inventory, Word (or a scrap of paper, or a text file) will work.

      Creating a 3,000 page document and keeping time/attendance records for ~ 250 employees. And wonder why it takes 10 minutes to load, and 10 minutes to save, doesn't scroll right....

      OK, that one's just foolish. Next time you see someone do that, feel free to shoot them. I'm sure God will forgive you for it.

    13. Re:No messy Dell battle by Anonymous Coward · · Score: 0

      Because as we move forward, it won't be a person with common sense looking at this, but a computer looking at data.

      Sure, they will probably throw out exceptions for differences greater than x% off normal pricing, but I have commonly got retailers to come down 20-50% from their normal price.

      XML example above:
      If I order 20,000 widgets at $99.00 over the course of a year, then figure this out and take 6% off this price (1,980,000 normally, $1,861,200 after discount) I've saved over $100,000 dollars that I can move to a swiss account.

      The proper thing to do here is to have product number and quantity in XML, but not product price.

      Product price should be in a separate database with customer code, and effective date.

      This database should not be updatable by the customer.

      We aren't a retailer, but we use XML and this is what we do.

      This reminds me of the days when shopping carts first came out and the prices were stored in cookies. Modify the cookie and you could submit a purchase at any price you wanted. Someone's not thinking if they do this type of coding.
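The design described in the comment above, as an added example that is not part of the thread: the order XML carries only product number and quantity, and the price comes from a server-side table keyed by customer code and effective date. The table contents, element and attribute names, and the idea of logging a client-supplied `price` attribute for review are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date
from decimal import Decimal

# Constructed server-side price table. The customer never writes to it.
# (customer_code, product_no) -> [(effective_from, unit_price), ...]
PRICE_TABLE = {
    ("CUST-001", "WIDGET-20"): [
        (date(2003, 1, 1), Decimal("105.00")),
        (date(2003, 7, 1), Decimal("99.00")),
    ],
}

# Constructed order: the price attribute is what a tampered client might send.
SAMPLE_ORDER = """
<order>
  <line product="WIDGET-20" quantity="20000" price="93.06"/>
</order>
"""

QTY_RE = re.compile(r"[1-9][0-9]{0,6}")  # plain positive integer, bounded size


class OrderRejected(Exception):
    """Raised when an order cannot be priced from server-side data."""


def unit_price(customer, product, on):
    """Return the price in force for this customer and product on a date."""
    rows = PRICE_TABLE.get((customer, product))
    if not rows:
        raise OrderRejected(f"no price for {product!r} / {customer!r}")
    in_force = [row for row in rows if row[0] <= on]
    if not in_force:
        raise OrderRejected(f"no price effective on {on}")
    return max(in_force, key=lambda row: row[0])[1]


def price_order(xml_text, customer, order_date):
    """Price an order using only product and quantity from the XML.

    `customer` must come from the authenticated session, not the document.
    Returns (total, flags); flags lists lines whose client-supplied price
    differs from the server price, for review rather than for billing.
    """
    # This order format needs no DTD, so refuse documents that declare one.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise OrderRejected("DTDs and entities are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise OrderRejected(f"malformed XML: {exc}") from None

    lines = root.findall("line")
    if not lines:
        raise OrderRejected("order has no lines")

    total = Decimal("0")
    flags = []
    for line in lines:
        product = line.get("product", "")
        qty_text = line.get("quantity", "")
        if not QTY_RE.fullmatch(qty_text):
            raise OrderRejected(f"bad quantity {qty_text!r}")
        price = unit_price(customer, product, order_date)
        claimed = line.get("price")
        if claimed is not None and claimed != str(price):
            flags.append((product, claimed, str(price)))
        total += price * int(qty_text)
    return total, flags


if __name__ == "__main__":
    print(price_order(SAMPLE_ORDER, "CUST-001", date(2003, 12, 1)))
```

With the constructed order, the 6% discount written into the document has no effect on the total and shows up only as a flagged discrepancy.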

    14. Re:No messy Dell battle by Rich0 · · Score: 1

      I used to love the seminar announcements at work. They'd send it as a single powerpoint slide. Then if I wanted to put it in my calendar I'd have to copy and paste the content of each of 47 different text boxes into outlook if I wanted to record time, place, speaker, etc...

      Not to mention the use of 300KB of inbox space x 250 recipients at least...

    15. Re:No messy Dell battle by Rich0 · · Score: 1

      Yeah - in all these cases it starts out as a "small" list of numbers to add, or 15-item inventory. After two years of being shared by a department it becomes a candidate for conversion to an ERP system, and they can't understand why they have 12 entries for the same thing on different pages since there wasn't any kind of input validation, and why 50 of their stock numbers refer to more than one item...

      If more than one person is going to use it for more than a month, build it with at least a play database like Access if not something more real...

  13. DMCA anyone by Ubi_NL · · Score: 3, Interesting

    As SF.com is located in the US, isn't this exactly something covered under the DMCA: publishing a method to circumvent a protection mechanism?
    In that case, what are the chances of them getting into trouble?

    --

    If an experiment works, something has gone wrong.
    1. Re:DMCA anyone by Chagatai · · Score: 3, Interesting
      As one of the previous posters mentioned, the password scheme, as described by Microsoft, is not designed to be a means of protection of data, but more of a way to deter users from accidentally modifying Word documents. I suppose the poor man's version of this would be the copy protect tab on a VHS tape. You could tape over it in order to record over something, but it prevents accidental modification.

      Ergo, if this password crack is constituted a breach of the DMCA, me taping over my neighbor's wedding and video of his kid's first steps with that weird Swedish adult channel I get on the dish must also be a violation of the DMCA, too. Stupid neighbor.

      --
      --Chag
    2. Re:DMCA anyone by Sloppy · · Score: 1
      Almost no chance of trouble, because there is no "technical measure that effectively limits access to a work." DMCA doesn't apply.

      The document is not encrypted; you can access it w/out the password. Application software has to go to extra trouble to respect the "don't edit" advisory information; the normal course of operation is that you could edit the document all you want to, without having to know the password.

      Compare this to CSS/DeCSS, where unscrambling is the only way to access the content.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    3. Re:DMCA anyone by phiwum · · Score: 1

      The DMCA prohibits distribution of the means to circumvent copyright protection mechanisms, if I understand matters correctly (probably not). This password-to-modify feature does not seem to be a copyright protection mechanism.

      At least not until some lawyers get together and dub it so.

      --
      Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
    4. Re:DMCA anyone by chgros · · Score: 1

      but more of a way to deter users from accidentally modifying Word documents
      Why would you need a PASSWORD for that?

  14. hehe by NeoGeo64 · · Score: 3, Insightful

    Another case of "if you build it I'll break it"

    Anything built by man can be cracked by man.

    DRM is useless bloatware.

    1. Re:hehe by LordK2002 · · Score: 1
      What has Word document security got to do with DRM? You can't control what happens to a Word document after it's distributed, only whether somebody can or cannot look at it (and once the password's out, anybody can use it, forever).

      Word passwords are no more DRM than PGP or NTFS encryption.

      K

    2. Re:hehe by deadsaijinx* · · Score: 0, Troll

      MS are drones.... bzzt
      Inferior human!

      --
      YOU SUCK BALLS!
    3. Re:hehe by phiwum · · Score: 1

      Another case of "if you build it I'll break it"

      Anything built by man can be cracked by man.

      Another example of wishful thinking somehow being passed off as insightful.

      The fact that MS used a lame scheme for this password does not mean that every password protection scheme can be broken. Nor does it mean that every security protocol is fundamentally flawed.

      Not that I am suggesting that DRM is likely to succeed. In fact, I don't think that this password is a good example of DRM. But, generally, DRM seems to have some special difficulties that, say, standard security protocols for key exchanges don't have.

      On the other hand, whenever I start opining on DRM and the difficulties it has, I'm probably talking out my ass, so I'll shut up now. My first two paragraphs still stand.

      --
      Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
  15. Post anonymously box checked by Anonymous Coward · · Score: 0

    ... or not

  16. One Way function by nuggz · · Score: 4, Informative

    Passwords can use a one way function.
    Take the source string, do a bunch of 'stuff' to it, stuff that isn't easy to undo.
    You can throw out some data too.

    You end up with a new string, but since you threw out some information, you end up unable to reverse it.

    Even if you know the end result, and the formula, you can't guess the password. You'd have to brute force it.
    With slow computers, this was a very good obstacle. Now we use fancier algorithms, and it is still okay.

    I'm not a math guy, go read crypto books if you want the 'real' explanation

    1. Re:One Way function by JPriest · · Score: 1

      What the article points out is that the file is not encrypted, so you can just edit the file with something else and replace the password with 0x00000000 (to remove it).

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
    2. Re:One Way function by petercorrect · · Score: 1

      Naaah, I'm sure you're all wrong. The word help says so, viz:

      "When you create a password, write it down and keep it in a secure place. If you lose the password, you CANNOT open or gain access to the password-protected document."

      Peter
      --
      --- Go on then, Bite Me!
  17. Reasons for Digital Signatures by Dark+Paladin · · Score: 2, Insightful

    I've been playing around with some digital signatures solutions (like the one from arx.com) to deal with issues like these - documents that must be "signed" and verified beyond "reasonable doubt".

    What it comes down to isn't necessarily a "Microsoft Word" problem - it's an issue with verifying that data has its integrity. Probably doing an MD5/SHA1 hash on all documents and attaching that with the document would be good enough - which means you could just use text files instead.

    1. Re:Reasons for Digital Signatures by Anonymous Coward · · Score: 0

      XML security addresses the problem fairly nicely, although to be really secure it seems as though you have to be able to retrieve the certificate from an external source. But it's great for verifying signatures.

  18. OpenOffice? by m3j00 · · Score: 0

    Does OO.org have a similar feature? All of you are quick to jump Microsoft's case about this, so how does your Office Suite of choice stack up against Microsoft Office?

    1. Re:OpenOffice? by inode_buddha · · Score: 1
      I have no idea how OO compares, but then again I rarely if ever need to deal with password protection, encryption, etc. in a direct way. There may be *no* security at all for OO docs. At least they're not *advertising* any security features. *That* is the difference.

      I'm sure it wouldn't be too hard to hack something together with gpg if it doesn't exist yet. Stuff that *really* needs to be secure doesn't exist on my machine anyway; if it ever did, it got printed out, filed in a box, and the disk wiped. So, (for example) not only would someone have to physically locate me and my paper copy, but they would also have to verify that it is identical to e.g. a bank copy.

      That said, I tend to do the important stuff (e.g. car, house, taxes) in person with cash and a signature; I've never trusted anything important to a given file type or structure.

      --
      C|N>K
  19. OMG MICROSFT IS TEH SUCK by Anonymous Coward · · Score: 1, Insightful



    I love coming to Slashdot to read tech news, and every third post is "Micro$oft sucks HAHAHAHAHA LOL."

    Jesus god, it's like a green AOL chat room these days.

    1. Re:OMG MICROSFT IS TEH SUCK by youngerpants · · Score: 3, Funny

      You're new here aren't you?

      Welcome to /.

  20. Now way for such a thing to be secure by osgeek · · Score: 5, Interesting

    Without some type of private/public digital signature system, you're going to see problems like this. Don't trust passwords on supposed read only documents as a general rule.

    The sooner business people understand these things, the sooner that we'll all see the benefits of a standardized, omnipresent public key infrastructure. Make sure to educate the nontechnical people in your office so that they demand better security for their data.

    1. Re:Now way for such a thing to be secure by Greyfox · · Score: 1
      Probably "Not Invented Here."

      We should hack REALLY secure documents into openoffice...

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    2. Re:Now way for such a thing to be secure by Kombat · · Score: 1

      Public/private key models are great, as long as you're on a network. But say you sent me a protected document (signed with your private key), which I saved onto my laptop right before boarding a flight to Europe. Now I'd like to read your document on my way there, but for some reason, my laptop can't find your public key to allow me to open the document.

      Oops.

      --
      Like woodworking? Build your own picture frames.
    3. Re:Now way for such a thing to be secure by Anonymous Coward · · Score: 0

      "Standardized, omnipresent public key infrastructure"? WTF is that? You're talking nonsense! Here's a hint: Verisign, Thawte, Baltimore, and other Certification Authorities use PKI. Do you really need PKI to safeguard your confidential files? Duh? I'd say, use PGP. And don't get me started on public key encryption.
      Pub Key Enc. is so slow (about 1,000 times slower than symmetric key encryption) that PubKeyEnc is only used to encrypt small messages. PubKeyEnc is usually used for identity verification, and NOT file encryption!

    4. Re:Now way for such a thing to be secure by Anonymous Coward · · Score: 0

      Umm as long as it's only signed and not encrypted then you don't need the key to open/read the document. You only need his key to verify that since it left his hands it hasn't been edited...

    5. Re:Now way for such a thing to be secure by dbIII · · Score: 2, Insightful
      Don't trust passwords on supposed read only documents as a general rule.
      That's what PDF and MD5 sums are for. If it's a read-only document it shouldn't be in a modifiable format, so why not PDF? I used to be very annoyed with employment agencies which required resumes to be in Word format - one honest person at an agency told me that was so they could modify the things so that they could pad some out and strip others down when they forwarded them on to potential employers. I've seen the modified resume that was submitted for my current position, and I'm very surprised I got the job - almost all relevant details were stripped out. It looked like the agent was pushing a particular candidate, and that person was not me.

      If you have something important in text in final form you shouldn't let others have it in an easily modifiable format. That said, it's easy enough to modify PDF files in the gimp, but the file size changes dramatically.

      The sooner business people understand these things, the sooner that we'll all see the benefits of a standardized, omnipresent public key infrastructure.
      It probably will happen, everyone accepts virus scanners as a necessity now. Passwords and keys are still a different story - I had a short term contract with a company that used its company name as the Admin password on nearly every workstation and on POS machines that it sold, and the clients never changed it. A new IT manager with a clue, and remote updates of software fixed all that. Very few of the office or helpdesk staff thought passwords were anything other than an annoyance in that place.
    6. Re:Now way for such a thing to be secure by zcat_NZ · · Score: 1

      Public/private key models are great, as long as you're on a network. But say you sent me a protected document (signed with your private key), which I saved onto my laptop right before boarding a flight to Europe. Now I'd like to read your document on my way there, but for some reason, my laptop can't find your public key to allow me to open the document.

      If it's been signed and if you don't already have my public key in your keyring, you can still read it just fine but you won't be able to check the signature until you can get to a keyserver.

      If it's been encrypted with my public key, you're not going to be able to read it anyhow, anywhere.

      --
      455fe10422ca29c4933f95052b792ab2
    7. Re:Now way for such a thing to be secure by Anonymous Coward · · Score: 0

      That's not how public key encryption works. If someone wants to send you a confidential file, he encrypts it using YOUR public key. Then, you use your private key to decrypt the file. Public key encryption ensures that you're the only person who can read the file. Even the original sender won't be able to decrypt the file he sent! (Of course, if he kept a copy of that file, unencrypted, he doesn't need to decrypt it.) Also, a signed file tells you that it *really* came from him and not from an impostor. Signing is NOT the same as encrypting. So, you don't need to decrypt a signed file.

  21. How dumb do you have to be? by p3d0 · · Score: 3, Insightful
    What kind of rank amateur would just put a hashed password in the file, and then rely on hostile software to obey that password? Good grief.

    The real solution is a digital signature. Anyone to whom that is not obvious shouldn't be putting security measures in commercial products.

    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
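The point made in the comment above, as an added example that is not part of the thread and does not reproduce Word's file format or hash: a toy container (constructed here) stores a password hash beside a plaintext body, and an issuer-held HMAC-SHA256 tag stands in for the digital signature because Python's standard library has no public-key signing. All function names, the key and the sample quote text are assumptions.

```python
import hashlib
import hmac
import json


def pw_hash(password):
    """Stand-in for whatever hash a 'password to modify' feature stores."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_protected(body, password):
    """Toy container: the body is plaintext, the lock is just a stored hash."""
    return {"body": body, "modify_hash": pw_hash(password)}


def lock_accepts(doc, password):
    """What a cooperating editor checks before allowing edits."""
    return hmac.compare_digest(doc["modify_hash"], pw_hash(password))


def cooperative_edit(doc, new_body, password):
    """Editing through software that honours the advisory lock."""
    if not lock_accepts(doc, password):
        raise PermissionError("wrong password to modify")
    return {**doc, "body": new_body}


def uncooperative_edit(doc, new_body):
    """Editing through software that ignores the field.

    Nothing in the container binds the hash to the body, so the lock
    survives the change untouched.
    """
    return {**doc, "body": new_body}


def issuer_tag(key, doc):
    """Keyed MAC over the body, computed with a secret only the issuer holds.

    An unkeyed digest stored next to the body would share the lock's
    weakness: whoever edits the body can recompute it.
    """
    msg = json.dumps({"body": doc["body"]}, sort_keys=True).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issuer_verify(key, doc, tag):
    """Issuer-side check of a document that comes back from the recipient."""
    return hmac.compare_digest(issuer_tag(key, doc), tag)


def demo():
    key = b"constructed-issuer-secret"          # constructed sample key
    quote = make_protected("Quote: $999", "s3cret")
    tag = issuer_tag(key, quote)                # kept in the issuer's records

    returned = uncooperative_edit(quote, "Quote: $699")
    return {
        "lock_still_accepts_password": lock_accepts(returned, "s3cret"),
        "stored_hash_unchanged": returned["modify_hash"] == quote["modify_hash"],
        "mac_valid_original": issuer_verify(key, quote, tag),
        "mac_valid_returned": issuer_verify(key, returned, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The HMAC only lets the issuer check its own documents; a third party who must verify without holding the secret needs a public-key signature instead.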
    1. Re:How dumb do you have to be? by Prof.+Pi · · Score: 4, Funny
      What kind of rank amateur would just put a hashed password in the file, and then rely on hostile software to obey that password?

      Probably someone who truly believes their software is so ubiquitous that there would be no such thing as "hostile software."

    2. Re:How dumb do you have to be? by SweetAndSourJesus · · Score: 1

      The kind that doesn't understand what a digital signature or hostile software is. That would be around 95-99% of all users.

      Not everyone who uses a computer is a geek, you know.

      --

      --
      the strongest word is still the word "free"
    3. Re:How dumb do you have to be? by sharkey · · Score: 1
      What kind of rank amateur would just put a hashed password in the file, and then rely on hostile software to obey that password?

      This kind?

      --

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    4. Re:How dumb do you have to be? by p3d0 · · Score: 1

      I'm sorry, I should have been clearer. I'm not dumping on the users. I'm dumping on the developers who created this feature.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    5. Re:How dumb do you have to be? by serutan · · Score: 1

      Apparently the rank amateurs in Dell's sales staff, and probably many others.

    6. Re:How dumb do you have to be? by Anonymous Coward · · Score: 0

      It doesn't really matter anyway, if you suspect your document has been modified contact microsoft and they'll check for those hidden signatures in the file to see who did it. Just like how they caught that guy who made the Melissa virus. ;)

  22. So what? by soluzar22 · · Score: 2, Interesting

    If you use this feature and expect it to be secure in my opinion you're just asking for trouble. Of course this is M$'s fault, but really! Is this a surprise to anyone? I mean, anything can be hacked in time, but a password-protected word document? I've forgotten passwords myself in the past and decrypted the file in about a half-hour, and I'm hardly what you'd call a l33t d00d! I mean FFS! It's a word processor. Two answers to this. A) Don't let anyone but you have access to the file. Protect your PC and its hard drive. B) Use something like steganos, or something better to securely encrypt your files. Don't trust in the MS. Anyway, everyone should be using AbiWord.

  23. And this is a good thing by Smack · · Score: 4, Insightful

    The fact that it can't determine your actual password is a good thing. Not for the security of that particular document, obviously, but for the security of other things you may have used the same password for.

    1. Re:And this is a good thing by cyb97 · · Score: 3, Interesting

      Well run the password checker long enough and it'll come up with several possibilities. If your main concern is that you've used the same password elsewhere, I guess any good blackhat will be able to spot which one you've used or spend enough time to try them all.

  24. The article is troll-ish by _RiZ_ · · Score: 5, Informative

    I work with Dell for our workstation and laptop purchases and not once in the last 3 years have they sent me a quote in a Word document.

    They have a system that links the quote with your customer ID and gets generated as an HTML file which gets emailed to you. All automagically.

    To whoever thought they could change a word document quote and expect to get that price, I got some beach front property to sell you in Kansas. Silly fool.

    1. Re:The article is troll-ish by exhilaration · · Score: 1
      The dude was in Germany, Dell might do things differently there.

      But you've gotta be pretty stupid to believe that Dell would honor a quote based purely on a FAX you send them - I'm sure somebody actually compares it to the original quote before it's authorized.

    2. Re:The article is troll-ish by Anonymous Coward · · Score: 0

      Tell me more about this beachfront property.

    3. Re:The article is troll-ish by Anonymous Coward · · Score: 0

      Dude, it's supposed to be oceanfront property. And it is in Nevada, not Kansas. Luther Realty is the real estate agent I believe.

    4. Re:The article is troll-ish by Sabalon · · Score: 1

      I agree that I've never gotten such a quote from Dell, but I have gotten quotes from other vendors in this way...go in adjust the quantity and it automatically computes the total, etc...

      Make for an interesting court case. Vendor showing the copy their e-mail log kept, customer claiming that one was falsified, etc...

  25. Microsoft already knew by JUSTONEMORELATTE · · Score: 2, Informative

    It's old news -- that's why Microsoft prefers PDF for the really important stuff.

    1. Re:Microsoft already knew by gorilla · · Score: 1

      For most PDF documents it's not that hard to change the text. The only ones where it's hard are where there are graphics for the text instead of using fonts.

    2. Re:Microsoft already knew by RzUpAnmsCwrds · · Score: 1

      Seeing as they weren't the people who wrote those whitepapers (just the people that paid for them), the fact that they are hosted on the Microsoft website only signifies that the document was delivered in PDF form and Microsoft was not interested enough to force the independent company to do it in Word.

    3. Re:Microsoft already knew by JUSTONEMORELATTE · · Score: 1

      sigh. It's a joke, people.
      And for what it's worth, each of the PDFs on the MS site were generated on Windows, from MS Word documents.
      Who the heck modded me informative, anyway?

    4. Re:Microsoft already knew by Anonymous Coward · · Score: 0

      A new twist on karma-whoring. Do it, and then pretend you weren't. Nice.

  26. And it was about that time... by pjwalen · · Score: 5, Funny

    that I noticed my customer was a 12 foot tall monster from the crustacious period! He looked me right in the eye and said, 'My quote for the dell says about Tree-Fitty!' and I said GOD DAMN YOU LOCHNESS MONSTER!

    1. Re:And it was about that time... by TSNV · · Score: 0

      "..a 12 foot tall monster from the crustacious period.."
      the crustacious period? maybe it was a giant clam..?


      no one will get that, and i'll be modded down.. and my karma is terrible for the same reason.. gee.. it sucks to be ahead of my time.

      --
      If there is hope, it lies in the prowles.
    2. Re:And it was about that time... by pjwalen · · Score: 1

      Obviously you're not a southpark fan buddy.

    3. Re:And it was about that time... by Nasarius · · Score: 1

      He's making fun of the fact that the original poster misspelled Cretaceous like crustaceous...

      --
      LOAD "SIG",8,1
    4. Re:And it was about that time... by aflat362 · · Score: 1
      bwah ha ha !! bhaw ha ha

      good one - silly fool.

      --

      Conserve Oil, Recycle, Boycott Walmart

    5. Re:And it was about that time... by pjwalen · · Score: 1

      Riiiiiight... You're obviously not a southpark fan either. That's how they say it in the episode. Christ and I'm the original poster!@ I hate when I have to explain jokes it makes them less funny.

  27. Handy even for MS's own contract forms ! by openmtl · · Score: 1
    Some MS contracts (e.g. Schools Agreements) are also provided as forms (at least in version 3.1). Handy to now change clauses you don't like ! Not.

  28. Just how far should they go? by WIAKywbfatw · · Score: 3, Interesting

    OK, I'm not saying that Microsoft's totally without guilt here but just how far do people think they need to go with regards to securing passworded files? 48-bit encryption? 128-bit? 160-bit with triple DES? At what stage does the encryption become overkill?

    And what about the consequences of selling Office (or even emailing a file) around the world with such strong encryption? It wasn't that long ago that the 128-bit encryption version of Internet Explorer couldn't be downloaded by anyone outside the US (even people in countries such as the UK) because that key length was longer than US export laws allowed at that time. So where do you draw the line between too weak (to be of any use to anyone at all) and too strong (to be of use to anyone who needs to deal with anyone based outside the US)?

    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
    1. Re:Just how far should they go? by TwistedSquare · · Score: 4, Insightful
      It wasn't that long ago that the 128-bit encryption version of Internet Explorer couldn't be downloaded by anyone outside the US (even people in countries such as the UK) because that key length was longer than US export laws allowed at that time

      I saw a good point the other day that US export laws on cryptography were fairly stupid when you consider that other countries have the skills/intelligence to develop strong cryptography outside the US in the first place. For example, RSA was originally developed in the UK.

    2. Re: Just how far should they go? by Black+Parrot · · Score: 4, Insightful


      > OK, I'm not saying that Microsoft's totally without guilt here but just how far do people think they need to go with regards to securing passworded files? 48-bit encryption? 128-bit? 160-bit with triple DES? At what stage does the encryption become overkill?

      So long as we ride the Moore Curve, overkill degrades to underkill at a rate of about one bit per 18 months. So if you want your document to be secure in perpetuity, you'd better use a lot of bits.

      --
      Sheesh, evil *and* a jerk. -- Jade
    3. Re:Just how far should they go? by Anonymous Coward · · Score: 0

      There isn't a "too strong encryption", people outside US were able to use strong >=128bit encryption for many, many years (e.g. Opera, SSH).

    4. Re:Just how far should they go? by Anonymous Coward · · Score: 0

      It doesn't matter how strong the password hash is. The supposedly "read-only" data is in the clear, and can be freely modified. Just because Microsoft Word won't modify it doesn't mean it's not modifiable.

      Even a weak cipher would be infinitely better than this method, which relies only upon obscurity.

    5. Re:Just how far should they go? by Coryoth · · Score: 2, Informative

      I saw a good point the other day that US export laws on cryptography were fairly stupid when you consider that other countries have the skills/intelligence to develop strong cryptography outside the US in the first place. For example, RSA was originally developed in the UK.

      At GCHQ, where it was kept under lock and key, and no one knew about it until long after Rivest, Adleman and Shamir had published their paper.

      Jedidiah

    6. Re: Just how far should they go? by Jerf · · Score: 1

      This line of reasoning is a fallacy; computation power can't increase forever.

      After a very reachable number of bits, you end up needing more power than exists in the universe, or a computer bigger than the universe, to crack the encryption, barring physics and engineering we'd currently consider magical.

      It is possible, assuming the algorithms stay strong, to encrypt something that can not be feasibly brute-forced.

      (And of course, as the number of bits used exceeds the number of bits in the message, you can't even brute force it, but that's another consideration.... you hit these "fundamental limits" long before that for any reasonably sized message.)

      "Progress will continue exponentially forever" is a fallacy. Just because it's been true for the past 50+ years does not mean it can work forever.

    7. Re: Just how far should they go? by Black+Parrot · · Score: 1


      > After a very reachable number of bits, you end up needing more power than exists in the universe, or a computer bigger than the universe, to crack the encryption

      Right, but that number's bigger than 48 bits, right? (Refer back to the grandparent post.)

      > "Progress will continue exponentially forever" is a fallacy.

      Yep. That's why I qualified my statement with "So long as we ride the Moore Curve".

      But how many bits do you think we need to use, to be secure in perpetuity?

      --
      Sheesh, evil *and* a jerk. -- Jade
    8. Re: Just how far should they go? by Etyenne · · Score: 1
      This line of reasoning is a fallacy; computation power can't increase forever.


      Two words : quantum computing.

      --
      :wq
    9. Re: Just how far should they go? by Kjella · · Score: 4, Informative

      So long as we ride the Moore Curve, overkill degrades to underkill at a rate of about one bit per 18 months. So if you want your document to be secure in perpetuity, you'd better use a lot of bits.

      Take something like 256 bits, which is quite commonly available, and you'll see that brute forcing it requires you to turn each atom on earth into a computer, and compute with each of the atoms of the earth (2^171 atoms) at 1 THz (2^40) for 1 million years (2^45) in order to brute force *one* key.

      Now, if that is too unsecure for you, I recommend you seek professional help. Fast.

      Kjella

      --
      Live today, because you never know what tomorrow brings
    10. Re: Just how far should they go? by Jerf · · Score: 1

      Still a fallacy. If you don't realize why, you don't understand quantum computing.

    11. Re: Just how far should they go? by Black+Parrot · · Score: 1


      > Two words : quantum computing.

      Isn't that just one word in two different states?

      --
      Sheesh, evil *and* a jerk. -- Jade
    12. Re: Just how far should they go? by SeanTobin · · Score: 1

      I'd like to put forth the observation that computing power _can_ increase forever. Once we hit the wall here in our universe, we simply move the computer into another dimension. Processing without the speed of light limitation would be a plus. Also, 4D "transistors" (or their appropriate counterpart) could be a huge improvement.

      Granted, that type of engineering would definitely be considered magical - but not impossible.

      --
      Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
    13. Re: Just how far should they go? by Etyenne · · Score: 1

      Indeed, I don't understand quantum computing. However, this is mostly irrelevant. Be it quantum computing or something else I can't foresee/understand, one day (probably sooner than later, maybe just a few decades away) some computing mechanism will be invented that will put today's computing power to shame. Bref, I speculate that it will be trivial to crack your 128-bit encrypted communication in 20 years (or so).

      Current encryption is based on computations that are considered too hard to brute-force to be worth it. I won't feel entirely safe until we have encryption that is impossible to brute-force.

      That being said, this does not stop me from living my life and reading my bank report over a 128-bit SSL socket. I am just being realistic about the future prospect of the privacy I am currently enjoying.

      --
      :wq
    14. Re:Just how far should they go? by Spam.B.gone · · Score: 1

      At what stage does the encryption become overkill?
      If you can prove that there is only a brute force attack possible (you can't, I'm afraid) then overkill would mean that the theoretical minimum energy needed to change the state of some physical device 2^n times is more than the energy available in our solar system. Don't have the exact numbers, but I think 160 bits would fit the bill.
      So if you are willing to believe that something like SHA has no efficient reversal algorithm, its 160 bits are all you would ever need. (ever meaning: until the sun goes out and you have other problems to worry about than your word file being password protected)
      On the other hand, failing a mathematical proof that you can't efficiently reverse SHA, you might be worried and stick to one-time-pad encryption.

    15. Re: Just how far should they go? by Jerf · · Score: 1

      I was not arguing that 128-bit encryption will stand forever. I was arguing that there is a (very reasonable) level of encryption that will.

      Again, "We will progress forever!" is a fallacy; it contradicts everything we know about physics. Is it absolutely impossible? No, but it's so unreasonable a stance as to be effectively so. There is an upper limit to the amount of computation a given amount of matter can sustain. It's huge. But encryption gets hard exponentially, you can only linearly increase your computation power once you hit the limit by throwing more matter at it. Exponentially rapidly beats linear.

      To claim otherwise is to essentially believe in magic. Real magic, not just advanced technology.

    16. Re:Just how far should they go? by phiwum · · Score: 1

      I don't get it.

      Because the very best encryption in the world may be difficult to implement, or may run afoul of exportation restrictions, we should not complain when Microsoft pretends to include password protection, but the protection is easily defeated?

      I don't suppose that anyone would complain if MS used a reasonable protocol and a flaw was later discovered (append usual Slashdot caveat). But this password-to-modify protection is so lame that Microsoft has responded by claiming that some entries on the "security tab" aren't intended to add security.

      There may be grey areas, where it's not clear if the security measures are enough or not. This doesn't seem to be one of them grey areas.

      --
      Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
    17. Re: Just how far should they go? by Jerf · · Score: 1

      Your message says "Assuming the impossible happens, an impossible thing can happen."

      Yeah. Sure. Believe that computational fairies will pop out of particle physics that will carry us off to computational heaven. But don't sit there and tell me the impossible is actually going to happen.

      When you figure out how to move anything, let alone a computer, into another dimension, drop me a line. I'd be interested in investing in your company. In the meantime, you're believing in the impossible, and it's on you to prove otherwise, preferably with something a bit more solid than "proof by assertion".

      Good luck; you're a lock for the Nobel Prize in Physics if you succeed.

    18. Re: Just how far should they go? by Etyenne · · Score: 1
      Again, "We will progress forever!" is a fallacy; it contradicts everything we know about physics. Is it absolutely impossible? No, but it's so unreasonable a stance as to be effectively so. There is an upper limit to the amount of computation a given amount of matter can sustain. It's huge. But encryption gets hard exponentially, you can only linearly increase your computation power once you hit the limit by throwing more matter at it. Exponentially rapidly beats linear.

      According to today's human knowledge. Unfortunately, science evolves (and quite fast, lately).

      --
      :wq
    19. Re: Just how far should they go? by Jerf · · Score: 1
      I've tried multiple times to do the Google search for the computations I've seen, but I always get swamped by other, irrelevant results. Here's as close as I can get, a link to a quote from Bruce Schneier, which quotes him as saying:

      "...the annual energy output of our sun is about 1.21*10^41 ergs. This
      is enough to power about 2.7*2^56 single bit changes on our ideal
      computer; enough state changes to put a 187-bit counter through all its
      values. If we built a Dyson sphere around the sun and captured all of
      its energy for 32 years, without any loss, we could power a computer to
      count up to 2^192. Of course, it wouldn't have the energy left over to
      perform any useful calculations with this counter.

      "A typical supernova releases something like 10^51 ergs... If all of
      this energy could be channeled into a single orgy of computation, a
      219-bit counter could be cycled through all of its states.

      "These numbers have nothing to do with the technology of the devices;
      they are the maximums that thermodynamics will allow. And they strongly
      imply that brute-force attacks against 256-bit keys will be infeasible
      until computers are built from something other than matter and occupy
      something other than space."
      (Note I don't know what algorithm that is a 256-bit key for.)

      Of course this trivially extends into more bits, even if you consume all the power in the universe. Conservatively estimating the power you could obtain at, say, a decillion supernovas (10 ^ 33 times the supernova), that only buys you another 110 bits. And as he says, that's just for the counter; actual computation will strip several bits from you. 512 bits isn't even conceivably brute-force-able in this universe and that's being really, really conservative.
    20. Re: Just how far should they go? by hobdes · · Score: 1

      Thinking just about classical computing (ie. not quantum) here's my back-of-the envelope calculation for a "long-enough" (uncrackable) key:

      The universe is estimated(!) to contain 10^100 or B=2^332 bits of information. If all that information were dedicated to brute-forcing a length L key it would take

      B = L 2^L

      to store all possible keys.

      If that's right then the universe could never brute force a key longer than L=324 bits.

      God uses 324-bit encryption and that's good enough for me! :P

    21. Re: Just how far should they go? by jamesl · · Score: 1

      Or you could print the document and put it in a safety deposit box.

    22. Re: Just how far should they go? by IchBinEinPenguin · · Score: 1

      ...about one bit per 18 months...

      You're assuming strength = O(2**n) (strength of cypher varies with 2 to the power of the number of bits in the key).

      I don't believe asymmetric cyphers behave this way, and I thought I read once that some cyphers are O(4*n) (i.e. adding one bit makes it 4 times harder to crack (larger keyspace AND more complex problem) rather than twice as hard to crack (i.e. O(2**n))).

      It's generally accepted that ANY cryptography will eventually be broken, it's just a matter of putting that point far enough in the future so you don't care anymore (any PC today can easily brute-force ENIGMA and determine where the German submarine wolfpacks are, but it's a little late to do anyone any good :-)

      Disclaimer: I am not a cryptographer!

  29. Re:Missing Possessive by m3j00 · · Score: 1, Funny

    Actually it doesn't need a possessive. "Microsoft Word" is a noun functioning as an adjective, describing the noun 'forms'. You need to brush up, Nazi.

  30. Come on now... by Kevin+Stevens · · Score: 4, Informative

    Was this ever really meant to be really truly secure? "security" features like that have always been lame at best and equivalent to luggage locks. These passwords have always been susceptible to brute force attacks. Anyone really serious about keeping documents safe puts them into a source control program. There are many ways to pick at MS's security, this is not one of them. But if you are trusting these measures for really secure documents, I highly suggest you get your valuables out of the pink plastic safe you won at the county fair last year.

    1. Re:Come on now... by p3d0 · · Score: 1, Informative

      RTFA. This is not a brute-force attack. It's an inherent dumbness of their password scheme.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    2. Re:Come on now... by NanoGator · · Score: 1

      "RTFA. This is not a brute-force attack. It's an inherent dumbness of their password scheme."

      That doesn't, in any way, refute his point. He was saying that you cannot practically secure a document like this. Microsoft wasn't even aiming to do that. It's more like the FBI Warning at the beginning of a movie than a padlock.

      --
      "Derp de derp."
    3. Re:Come on now... by babyrat · · Score: 1

      According to Microsoft Help...

      When you create a password, write it down and keep it in a secure place. If you lose the password, you cannot open or gain access to the password-protected document.

      Let me repeat that -> If you lose the password, you cannot open or gain access to the password-protected document.

      Now the typical slashdotter realizes this is false. Your typical Microsoft Word non-power-user could (perhaps 'would') interpret this as If you lose the password (or someone else gets your document and does not know the password), you (they) cannot open or gain access to the password-protected document.

      By the way, that blurb is from a section entitled:
      "Keep your Word documents secure"

      Perhaps the MS rep who said: "If [users] are using it as a security feature then that is not correct," should read their help file.

    4. Re:Come on now... by Kevin+Stevens · · Score: 3, Insightful

      It's a dumb password scheme because it was meant to be a dumb password scheme. It's a simple one way hash. It is a document, a self contained, meant to be passed around entity. Even if they used some complex password scheme, it would still not be difficult to brute force it, and thus make it inherently insecure. So I bet they had a design meeting at some point and said, "hey, the customers want a feature to prevent snooping/tampering of docs, let's put a simple lock feature on them" knowing full well that it was not secure. Considering that a document is a passed around, meant to be distributed, entity without centralized tracking or control, it would be very difficult to put real security on them, and nowhere have I seen MS office targeted as the "secure way" to store data. A company using this for invoices and such is just plain crazy. It's like complaining about the insecurity of a soft top convertible. Or that the jack that came with your car wouldn't hold the weight of your friend's truck (I mean it's a jack isn't it?, there is nothing on there that says it won't jack up a truck) You can't ever trust the client, ever. That's a cardinal tenet of security. That's why we have barcodes, and no longer just put little pricetag stickers on products and ring up whatever is on them. You also wouldn't trust the little tiny lock on a diary to hold the wild stories of your other life as a transsexual gay man, at least not without hiding the thing damn well when your family is over to visit. I'm getting offtopic here, but the point is, MS Word in no way shape or form tries to be a secure document system, and trusting your business or very secret information to it is just silly.
      Sir, please read the fine post.

    5. Re:Come on now... by p3d0 · · Score: 1

      Well, that's one way to look at it I guess. But if the security were only as "weak" as digital signature technology allows, that would be pretty damn strong. It would be much more like a padlock than an FBI warning.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    6. Re:Come on now... by p3d0 · · Score: 1
      Am I wrong, or was this password meant to prevent tampering with the file contents? My point is it isn't anywhere close to achieving this.

      Even if they used some complex password scheme, it would still not be difficult to brute force it...
      I'm not sure what you mean by "difficult", but a run-of-the-mill digital signature would require something like a distributed computing effort to brute-force. I consider that pretty difficult.
      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
  31. Re:Microsoft software insecure??? by AndroidCat · · Score: 1

    No more than the password on ZIP files isn't solid protection.

    --
    One line blog. I hear that they're called Twitters now.
  32. MOD PARENT DOWN by setzman · · Score: 1

    Didn't RTFA.

    --
    C:\>
  33. Boring. by ProtonMotiveForce · · Score: 0

    Great more yacking about security. Try to keep your drool from short circuiting your Dvorak keyboards.

    1. Word password protection is semi-advisory, and it's not intended for serious content protection, and never has been.
    2. How about those crypt passwords in /etc/passwd, eh? How long do you think those'll be secure? In 2 years most Unix sites in the world will be forced to change to something more secure - we'll see who's laughing when that scramble happens.

  34. Full Article by Athrawn17 · · Score: 2, Informative

    To: BugTraq
    Subject: Microsoft Word Protection Bypass
    Date: Jan 2 2004 10:51AM
    Author: Thorsten Delbrouck-Konetzko
    Hi all,
    Microsoft Word provides an option to protect "forms" by password. This is
    used to ensure that unauthorized users cannot manipulate the contents of
    documents except within specially designed "form" areas. This feature is
    also often used to protect documents which do not even have form areas
    (quotations/offers etc.).
    This form protection can easily be removed without any additional tools
    (apart from a hex-editor).
    Please find the full advisory attached.
    best regards, /tdk
    Thorsten Delbrouck
    Chief Information Officer
    Guardeonic Solutions AG
    Rosenheimer Str. 116
    D-81669 Munich
    Security Advisory #01-2004
    Advisory Name: Microsoft Word Form Protection Bypass
    Release Date: 2004-01-02
    Affected Product: Microsoft Word
    Platform: Microsoft Windows, probably Apple Mac OS
    Version: tested on 2000, 2002 (XP), 2003, probably other versions vulnerable as well
    Severity: Document ("Form") protection can be easily removed
    Author: Thorsten Delbrouck
    Vendor Communication:
    2003-11-27, 10:30 UTC Microsoft notified
    to: secure microsoft com
    2003-11-27 confirmed receipt
    from: secure microsoft com
    2003-12-03 Note from Microsoft, Form protection "is not intended as a full-proof protection for tampering or spoofing, this is merely a functionality to prevent accidental changes of a document", request additional time to update Microsoft Knowledge Base article. Targeting beginning of January 2004 for release of this advisory.
    from: "Magnus"
    2003-12-08 Microsoft has already released the KB article (or added a warning to an existing article). Read the KB article at http://support.microsoft.com/?id=822924
    from: "Magnus"
    Overview:
    Word provides an option to protect "forms" by password. This is used
    to ensure that unauthorized users can not manipulate the contents of
    documents except within specially designed "form" areas. This feature
    is also often used to protect documents which do not even have form
    areas (quotations/offers etc.).
    (Word users will find this option on the "Tools" menu, entry "Protection", select "Forms" there and provide a password)
    If a Word document is "protected" by this mechanism, users cannot select parts of the text or place the cursor within the text, thus they cannot make any changes to the document.
    Description:
    When saving protected Word-documents as html-files, Word adds a
    "checksum" of the password (enclosed in a proprietary tag) to the
    code. The checksum format looks somewhat like CRC32 but currently
    there are no further details available. The same checksum can be
    found within the original Word document (hexadecimal view). If this
    "checksum" is replaced by 0x00000000 the password equals an empty
    string.
    Example:
    1.) Open a protected document in MS Word
    2.) Save as "Web Page (*.htm; *.html)", close Word
    3.) Open html-document in any Text-Editor
    4.) Search "" tag, the line reads something like that: ABCDEF01
    5.) keep the "password" in mind
    6.) Open original document (.doc) with any hex-editor
    7.) search for hex-values of the password (reverse order!)
    8.) Overwrite all 4 double-bytes with 0x00, Save, Close
    9.) Open document with MS Word, Select "Tools / Unprotect Document"
    (password is blank)
    Variation:
    If the 8 checksum bytes are replaced with the checksum of a known
    password it should be fairly easy to unprotect the document, make any
    necessary changes, save, close and reset the password to the original
    (unknown!) password by simply restoring the original values. Document
    changed without even knowing the password. Nasty.
    (Note: Take care to get file properties (author, organisation,
    date/time etc.) right.)
    Solution:
    No solution is currently available. Do not rely on the "Protect
    Forms" mechanism to protect a Word document against changes.
    Credits:
    Magnus from the Microsoft Security Response Center for his fast
    responses and for showing a decent sense of humour. :-)

  35. Re:Nothing New - I know.... by freeze128 · · Score: 1

    Our company has hundreds of forms that are now completely out of date, but they were Microsoft Word Forms and a few of them were actually protected with a password. I just checked your generic password, but it didn't work for my forms. These forms were created originally in Microsoft Office 4.2 (for windows 3.1 - HA!) and some have been upgraded for use in Office 97 (double HA!). It might be a different algorithm for Word 2000 than it is for Word 5 or 97.

  36. checksum !? by Anonymous Coward · · Score: 0

    potentially unnoticed?

    what about an md5sum of the document? IT'S NOT HARD

  37. Microsoft Word Forms Passwords Hacked by Anonymous Coward · · Score: 1, Funny

    Well, what are the passwords, then?

    1. Re:Microsoft Word Forms Passwords Hacked by Anonymous Coward · · Score: 0

      "Netscape Engineers Are Weenies"

    2. Re:Microsoft Word Forms Passwords Hacked by Anonymous Coward · · Score: 0

      I think the password is "passworde" spelled in the olde englishe to be extra tricky.

  38. The shame's in the design not the hack by dnoyeb · · Score: 4, Interesting

    If the program claims that you can lock a document against modification, then shouldn't it provide verification of that? Or does it believe in its infallibility.

    I know MS word includes signatures, why wouldn't a signature be an automatic feature on a locked document???

    shame.
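
Added example, not part of the thread or of the advisory: the "Variation" in the posted advisory leaves the stored password check value untouched after an edit, which is why the md5sum and signature suggestions in the comments above matter. The sketch uses a constructed toy container (4-byte check value plus body) instead of the real Word format; CRC32 as the check function, SHA-256 in place of MD5, and all names, keys and sample text are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
import zlib


def pw_check(password: str) -> bytes:
    """32-bit password check value, stored little-endian.

    CRC32 is a stand-in chosen for this toy model; the advisory only says
    the real value "looks somewhat like CRC32".
    """
    return struct.pack("<I", zlib.crc32(password.encode("utf-8")))


def make_doc(password: str, body: bytes) -> bytes:
    """Toy container: check value followed by the cleartext body."""
    return pw_check(password) + body


def protection_field(doc: bytes) -> bytes:
    """The only thing the in-file 'protection' actually stores."""
    return doc[:4]


def digest(doc: bytes) -> str:
    """Unkeyed digest of the whole file (the 'md5sum' idea, with SHA-256).

    Only useful if the recipient gets it over a channel the editor of the
    file cannot also rewrite.
    """
    return hashlib.sha256(doc).hexdigest()


def seal(doc: bytes, key: bytes) -> bytes:
    """Keyed tag over the whole file, kept outside the file by the sender."""
    return hmac.new(key, doc, hashlib.sha256).digest()


def verify(doc: bytes, key: bytes, tag: bytes) -> bool:
    """Constant-time check of a received file against the sender's tag."""
    return hmac.compare_digest(seal(doc, key), tag)


def audit(sent: bytes, received: bytes, key: bytes, tag: bytes) -> dict:
    """Compare what each control can tell about a received copy."""
    return {
        # Depends on the password only, so it says nothing about the body.
        "protection_field_same": hmac.compare_digest(
            protection_field(sent), protection_field(received)
        ),
        # Both of these cover every byte of the file.
        "digest_same": hmac.compare_digest(digest(sent), digest(received)),
        "hmac_valid": verify(received, key, tag),
    }


# Constructed sample data (not taken from any real quote or document).
KEY = b"constructed-demo-key-held-by-sender"
SENT = make_doc("s3cret-quote-pw", b"Quote 4711: 10 laptops, total 12,000.00 EUR")
TAG = seal(SENT, KEY)

# End state described by the advisory's "Variation": the body differs,
# the original check value is back in place.
TAMPERED = protection_field(SENT) + b"Quote 4711: 10 laptops, total 1,200.00 EUR"

if __name__ == "__main__":
    for name, doc in (("untouched", SENT), ("edited", TAMPERED)):
        print(name, audit(SENT, doc, KEY, TAG))
```

An HMAC only convinces parties who share the key; proving integrity to a third party needs a digital signature, as several comments point out.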

  39. Messy by icemax · · Score: 3, Insightful

    This could become a very large legal problem for Word users that rely on this type of protection to (legally) prove that files have not been tampered with (think FDA submissions for pharmaceuticals).
    I see this being a larger problem in the future, when MS Office DRM is used on most files assuming that these files will follow the orders encoded into their DRM. Imagine a file that is supposed to self-destruct in 10 months as part of a document retention lifecycle. Two years from now, a tape backup of that file is subpoenaed and the DRM is hacked so that the file is openable, leaving said company liable for its contents previously thought destroyed.
    I don't mean to rag on Microsoft or its protection schemes, more on those who use these weak means as a method of security in their infrastructure. A good server-based file protection model will always trump a good in-file-based protection model.

    --


    __________
    Love conquers all... except CANCER
    1. Re:Messy by actiondan · · Score: 1


      Do you really think that anyone uses the edit-password on a word processor as legal proof that a document has not been tampered with?

      Do you really think that MS will use this sort of weak approach to protecting documents (which doesn't actually encrypt the document at all - just tells word not to let the user edit it) when they roll out full DRM?

      Dan.

    2. Re:Messy by shamage · · Score: 1

      A Password protected document would not be good enough for the FDA. Over the last few years the pharma industry has gone CFR Part 11 mad. A document will have to be digitally signed by software that has been validated with PQ and OQ. Adobe Acrobat is good enough. more details at http://www.fda.gov/ora/compliance_ref/part11/

    3. Re:Messy by Anonymous Coward · · Score: 0
      This could become a very large legal problem for Word users that rely on this type of protection to (legally) prove that files have not been tampered with (think FDA submissions for pharmaceuticals).

      Do you honestly think the pharmas are that dumb?

      They use outlook for email but that's the end of microsuck.

      (pharmas == trustworthy) != (microsoft == untrustworthy)

  40. Excel too by Anonymous Coward · · Score: 0

    I'm not sure how this compares to the same feature in Excel, but I've done this for years on Excel 2000 files. I've used these powers for good, not evil, mostly for fellow employees who've locked their documents, only to forget their passwords months later. Then I've had to instruct them on proper computer usage.

    Apparently, the "do one thing well" paradigm of Unix escapes people in the MS world. Use your document creation software for document creation, not security. Use encryption software to protect data. Use filesystem permissions to prevent other people from changing your files. And please don't provide sensitive information to the world located in "Hidden" fields that have been "Locked". A trivial dump of the file reveals all of the information intended to be hidden. And simple knowledge of the file format in question allows all the changes you want.

  41. First time I hear about a flaw by jmv · · Score: 1

    ...before I even heard of the feature itself.

  42. Time to buy a Dell by Vooch · · Score: 1

    hehe

  43. Please mod parent down (-1, DMCA Troll) by setzman · · Score: 1

    Did you RTFA? Apparently not. They told Microsoft about it before releasing it. If Microsoft didn't want this released to the public, they might would have done something about it before now.

    --
    C:\>
  44. Mod up for the anonymous coward! by Anonymous Coward · · Score: 0

    Hi all,

    Microsoft Word provides an option to protect "forms" by password. This is
    used to ensure that unauthorized users cannot manipulate the contents of
    documents except within specially designed "form" areas. This feature is
    also often used to protect documents which do not even have form areas
    (quotations/offers etc.).

    This form protection can easily be removed without any additional tools
    (apart from a hex-editor).

    Please find the full advisory attached.
    Overview:
    Word provides an option to protect "forms" by password. This is used
    to ensure that unauthorized users can not manipulate the contents of
    documents except within specially designed "form" areas. This feature
    is also often used to protect documents which do not even have form
    areas (quotations/offers etc.).

    (Word users will find this option on the "Tools" menu, entry
    "Protection", select "Forms" there and provide a password)

    If a Word document is "protected" by this mechanism, users cannot
    select parts of the text or place the cursor within the text --- thus
    they cannot make any changes to the document.

    Description:
    When saving protected Word-documents as html-files, Word adds a
    "checksum" of the password (enclosed in a proprietary tag) to the
    code. The checksum format looks somewhat like CRC32 but currently
    there are no further details available. The same checksum can be
    found within the original Word document (hexadecimal view). If this
    "checksum" is replaced by 0x00000000 the password equals an empty
    string.

    Example:
    1.) Open a protected document in MS Word
    2.) Save as "Web Page (*.htm; *.html)", close Word
    3.) Open html-document in any Text-Editor
    4.) Search "" tag, the line reads something like
    that: ABCDEF01
    5.) keep the "password" in mind
    6.) Open original document (.doc) with any hex-editor
    7.) search for hex-values of the password (reverse order!)
    8.) Overwrite all 4 double-bytes with 0x00, Save, Close
    9.) Open document with MS Word, Select "Tools / Unprotect Document"
    (password is blank)

    Variation:
    If the 8 checksum bytes are replaced with the checksum of a known
    password it should be fairly easy to unprotect the document, make any
    necessary changes, save, close and reset the password to the original
    (unknown!) password by simply restoring the original values. Document
    changed without even knowing the password. Nasty.

    (Note: Take care to get file properties (author, organisation,
    date/time etc.) right.)

    Solution:
    No solution is currently available. Do not rely on the "Protect
    Forms" mechanism to protect a Word document against changes.

    Credits:
    Magnus from the Microsoft Security Response Center for his fast
    responses and for showing a decent sense of humour. :-)

  45. Cryptographic signing by Peaker · · Score: 3, Interesting

    If you don't want your document to be changed by others, why don't you crypto-sign it?

    It's not specific to any specific document format or type and requires no extra features/code on the behalf of every program. Of course "Password-protecting yadda yadda yadda" sure sounds good on a feature list of a word processor, even if completely useless.

    1. Re:Cryptographic signing by Fammy2000 · · Score: 1

      I would have used Quantum Encryption, personally.

      Obligatory Futurama Quote:

      Announcer: Checking the electron microscope... And the winner is 3, in a quantum finish!

      Professor: No fair! You changed the outcome by observing it!

      --
      If I had something intelligent to say, I would have said it.
  46. Side effects by IGnatius+T+Foobar · · Score: 1

    Unfortunately, this only gives them another excuse to shift the Office file formats to something that is encrypted, DRM'ed, patented, etc.

    --
    Tired of FB/Google censorship? Visit UNCENSORED!
  47. Hello DMCA by NanoGator · · Score: 1

    I got $.50 that says Microsoft goes after Security Focus via DMCA. If that day comes, don't pretend to act surprised. It ain't right, but it's happened before elsewhere.

    --
    "Derp de derp."
    1. Re:Hello DMCA by Anonymous Coward · · Score: 0

      You'd best save that $.50 for the bus ride back to Idiotville.

    2. Re:Hello DMCA by NanoGator · · Score: 1

      "You'd best save that $.50 for the bus ride back to Idiotville. "

      I'll buy you a beer when I get there.

      --
      "Derp de derp."
  48. Someone please mod parent insightful. [NT] by Anonymous Coward · · Score: 0

    Someone please mod parent insightful.

  49. Microsoft's response by Ben+Hutchings · · Score: 5, Funny

    Microsoft pointed to this Knowledge Base article. Choice quote: "Not all features that are found on the Security tab are designed to help make your documents and files more secure."

    1. Re:Microsoft's response by Anonymous Coward · · Score: 0

      "the feature was never designed to help protect your document or file from a user with malicious intent."

      LOL! So all this time, microsoft hasn't even been trying! Oooohhh, gotcha!

    2. Re:Microsoft's response by Burpmaster · · Score: 1

      Reminds me of an old article on how Outlook Express viruses affect Mac users:

      Will the virus impact my Macintosh if I am using a non-Microsoft e-mail program, such as Eudora?

      If you are using an Macintosh e-mail program that is not from Microsoft, we recommend checking with that particular company. But most likely other e-mail programs like Eudora are not designed to enable virus replication.

  50. Tags fixed. by Anonymous Coward · · Score: 1, Informative

    Full thing.

    -----------------------

    1.) Open a protected document in MS Word
    2.) Save as "Web Page (*.htm; *.html)", close Word
    3.) Open html-document in any Text-Editor
    4.) Search "<w:UnprotectPassword>" tag, the line reads something like
    that: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword >
    5.) keep the "password" in mind
    6.) Open original document (.doc) with any hex-editor
    7.) search for hex-values of the password (reverse order!)
    8.) Overwrite all 4 double-bytes with 0x00, Save, Close
    9.) Open document with MS Word, Select "Tools / Unprotect Document"
    (password is blank)

  51. Weren't .ZIP files worse? by British · · Score: 1

    IIRC .ZIP files were stored in plaintext, so you could easily unlock it with viewing it in a hex editor.

    1. Re:Weren't .ZIP files worse? by tuffy · · Score: 2, Informative

      pkzip files have always had genuine data encryption (the sort that isn't viewable with a hex editor), but that encryption has traditionally been quite weak. I'm unsure if the new schemes are any better, but I doubt many people use that aspect of pkzip files anyway.

      --

      Ita erat quando hic adveni.

    2. Re:Weren't .ZIP files worse? by oddfox · · Score: 1

      Interesting, thanks for the info!

      I wonder if RAR is so vulnerable? I store a bit of my own personal (sensitive) data in .rar archives, password protected and encrypted (Well, at least the filenames are, I dunno if the data is). I know there are programs that brute-force a password for RAR but I don't know of any that crack the encryption and such. :)

      --
      "We invented personal computing." - Bill Gates
  52. Text of advisory, including hex editor hack. by Anonymous Coward · · Score: 0

    Overview: Word provides an option to protect "forms" by password. This is used to ensure that unauthorized users can not manipulate the contents of documents except within specially designed "form" areas. This feature is also often used to protect documents which do not even have form areas (quotations/offers etc.). (Word users will find this option on the "Tools" menu, entry "Protection", select "Forms" there and provide a password). If a Word document is "protected" by this mechanism, users cannot select parts of the text or place the cursor within the text - thus they cannot make any changes to the document.

    Description: When saving protected Word-documents as html-files, Word adds a "checksum" of the password (enclosed in a proprietary tag) to the code. The checksum format looks somewhat like CRC32 but currently there are no further details available. The same checksum can be found within the original Word document (hexadecimal view). If this "checksum" is replaced by 0x00000000 the password equals an empty string.

    Example:
    1.) Open a protected document in MS Word
    2.) Save as "Web Page (*.htm; *.html)", close Word
    3.) Open html-document in any Text-Editor
    4.) Search "" tag, the line reads something like
    that: ABCDEF01
    5.) keep the "password" in mind
    6.) Open original document (.doc) with any hex-editor
    7.) search for hex-values of the password (reverse order!)
    8.) Overwrite all 4 double-bytes with 0x00, Save, Close
    9.) Open document with MS Word, Select "Tools / Unprotect Document" (password is blank)

    Variation: If the 8 checksum bytes are replaced with the checksum of a known password it should be fairly easy to unprotect the document, make any necessary changes, save, close and reset the password to the original (unknown!) password by simply restoring the original values. Document changed without even knowing the password. Nasty. (Note: Take care to get file properties (author, organisation, date/time etc.) right.)

    Solution: No solution is currently available. Do not rely on the "Protect Forms" mechanism to protect a Word document against changes.

    Credits: Magnus from the Microsoft Security Response Center for his fast responses and for showing a decent sense of humour.

  53. Hmm by oniony · · Score: 1
    go potentially unnoticed

    Surely, that should read "potentially go unnoticed"?
    --

    Powered by onion juice.

  54. Secure feature? by JairVBJunior · · Score: 1
    Microsoft says this Form protection is a feature to prevent accidental changes of a document. I wonder how someone can open a document, make an "accidental" change and then still save it.

    If you shouldn't need to edit the doc, why are you using an editor?

  55. Re:Missing Possessive by Anonymous Coward · · Score: 0

    You aren't allowed to be a punctuation nazi if you can't even get your correction correct. "Forms's" is wrong.

  56. A little salt... by Aardpig · · Score: 2, Insightful

    My understanding of the hack is this: it is possible to unlock a word document or form (i.e., make read-only parts writeable), modify it, and then re-lock it with the original password, without ever having to know what the original password is.

    Which then raises the question: in the hashing algorithm Microsoft is using to scramble the password, why the hell aren't they adding in some cryptographic salt? If they had made the scrambled password (which is leaked when a locked document is saved as HTML) depend not only on the cleartext password, but also on the read-only parts of the document, then they wouldn't have this problem: a hacked document re-locked with the same scrambled password would have a different salt, and therefore a different cleartext password. D'oh!

    --
    Tubal-Cain smokes the white owl.
    1. Re:A little salt... by Anonymous Coward · · Score: 0

      It wouldn't be hard to unlock the document, change it, lock it again, and diff the salts that were generated to modify the final password.

      What they SHOULD do is embed the MD5 hash of the entire document into the document somewhere. Let's see someone break that!
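
The point argued in this sub-thread, as an added Python example that is not part of any comment and does not reproduce Word's file format or algorithm: a check value derived from the password alone survives an edit, and an unkeyed hash stored in the file can be recomputed by whoever edits it, while a tag keyed from the password and computed over the content cannot. `ToyDoc`, its field names, the sample quote text and the use of CRC32 as a stand-in check value are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import zlib
from dataclasses import dataclass, replace


def password_check_value(password: str) -> int:
    # Assumption: CRC32 is only a placeholder for "a 32-bit value derived
    # from the password alone". It is not the algorithm Word uses.
    return zlib.crc32(password.encode("utf-8")) & 0xFFFFFFFF


def derive_key(password: str, salt: bytes) -> bytes:
    # Stretch the password into a MAC key; the salt is public and per-document.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass(frozen=True)
class ToyDoc:
    body: bytes         # content the author wants to keep unchanged
    pw_check: int       # scheme A: value derived from the password only
    body_digest: bytes  # scheme B: unkeyed SHA-256 of the body, stored in the file
    salt: bytes         # scheme C: public random salt
    tag: bytes          # scheme C: HMAC-SHA256 over the body, keyed from the password


def protect(body: bytes, password: str) -> ToyDoc:
    salt = os.urandom(16)
    key = derive_key(password, salt)
    return ToyDoc(
        body=body,
        pw_check=password_check_value(password),
        body_digest=hashlib.sha256(body).digest(),
        salt=salt,
        tag=hmac.new(key, body, hashlib.sha256).digest(),
    )


def edit_without_password(doc: ToyDoc, new_body: bytes) -> ToyDoc:
    # Models a party with write access to the file but no password: the body
    # changes, password-derived fields are left untouched, and anything that
    # needs no secret (the plain digest) is simply recomputed.
    return replace(doc, body=new_body,
                   body_digest=hashlib.sha256(new_body).digest())


def verify_password_only(doc: ToyDoc, password: str) -> bool:
    # Scheme A never looks at the body, so it cannot notice a changed body.
    return doc.pw_check == password_check_value(password)


def verify_embedded_digest(doc: ToyDoc) -> bool:
    # Scheme B only proves the digest matches the body currently in the file.
    return hmac.compare_digest(doc.body_digest,
                               hashlib.sha256(doc.body).digest())


def verify_keyed_tag(doc: ToyDoc, password: str) -> bool:
    # Scheme C binds the body to a secret the editor does not have.
    key = derive_key(password, doc.salt)
    expected = hmac.new(key, doc.body, hashlib.sha256).digest()
    return hmac.compare_digest(doc.tag, expected)


def run_demo() -> dict:
    password = "constructed-password"              # constructed sample value
    original = protect(b"Quote: 10 units at 1000.00 each", password)
    edited = edit_without_password(original, b"Quote: 10 units at 100.00 each")
    return {
        "original": (verify_password_only(original, password),
                     verify_embedded_digest(original),
                     verify_keyed_tag(original, password)),
        "edited": (verify_password_only(edited, password),
                   verify_embedded_digest(edited),
                   verify_keyed_tag(edited, password)),
    }


if __name__ == "__main__":
    for name, (a, b, c) in run_demo().items():
        print(f"{name}: password-only={a} embedded-digest={b} keyed-tag={c}")
```

With HMAC the verifier has to hold the password too; where recipients should be able to verify without being able to produce a valid tag, a detached digital signature takes the place of the tag.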

  57. NOT a feature, clearly a BUG. by GillBates0 · · Score: 2, Interesting
    The article references this advisory page in the Microsoft Knowledgebase which was presumably added after the author contacted "Magnus" at Microsoft Security.

    The page is titled: "Overview of Office Features That Are Intended to Enable Collaboration and That Are Not Intended to Increase Security", and reeks of hindsight. Microsoft notes that these features were never intended to increase security, but were designed to encourage collaboration.

    But on the other hand, they also say:
    "Information About Strong Passwords To reduce the chances of someone guessing your password, use only strong passwords.
    For a password to be a strong password, it should meet all the following criteria:
    * Be at least seven characters long. Longer passwords are more secure.
    "...etc.

    Why would users be encouraged to use strong passwords, not easily guessed by malicious users etc, when they were just intended to avoid accidental modifications? The document is clearly a lame attempt by M$ to cover up a serious vulnerability by suggesting that the feature was not designed to provide security. However, I bet they would not have hesitated to tout it as a "security feature" in Microsoft Word, had the vulnerability not been found.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
    1. Re:NOT a feature, clearly a BUG. by lurker412 · · Score: 1
      The KB article may well be trying to paint a bug as a feature. However, it does state clearly that using a password to open will encrypt the file. The discussion of strong passwords applies to the password to open, not the password to modify.

      OK, so now that I have defended MSFT a tiny bit, I feel justified in highlighting another KB quote about the Protect Forms feature:
      This feature helps prevent trustworthy users from making changes to a form.

      WTF?

    2. Re:NOT a feature, clearly a BUG. by phiwum · · Score: 1

      Any idea how to find the last-modified time of that page?

      --
      Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
    3. Re:NOT a feature, clearly a BUG. by Mike+Hawk · · Score: 1

      This feature helps prevent trustworthy users from making changes to a form.

      That's actually the good use for this feature, and how we use it here at work. The document is read and edited by many people, but for the fields or areas that might be formulas or otherwise automatic, we don't want a secretary accidentally changing them. Nor does the secretary. The secretary is a "trustworthy user" who is allowed to edit certain parts of the document so we don't need real encryption or protection; the Protect Forms just prevents accidents from happening in other parts.

      We wouldn't use Protect Forms to prevent an untrustworthy user access, another type of security would be used. This whole thing is a lot of FUD.

    4. Re:NOT a feature, clearly a BUG. by phiwum · · Score: 1

      Lame bastard. Why don't you RTFA like zidslaw suggests in this post.

      Stealing from his post, we see:

      2003-11-27 confirmed receipt from: secure microsoft com

      2003-12-03 Note from Microsoft, Form protection "is not intended as a full-proof protection for tampering or spoofing, this is merely a functionality to prevent accidental changes of a document", request additional time to update Microsoft Knowledge Base article.
      Targetting beginning of January 2004 for release of this advisory.
      from: "Magnus"

      (No flamebait mods, please. I'm allowed to criticize my own damn post.)

      --
      Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
    5. Re:NOT a feature, clearly a BUG. by Anonymous Coward · · Score: 0

      I'm Sorry, where do you work?

      It seems to change for every given argument you post.

  58. Good Work! by polyp2000 · · Score: 2, Funny

    This is excellent news. The more Microsoft continues to prove itself as market leaders in security the more copies of Windows XP SP2 they can sell.;)

    nick ...

    --
    Electronic Music Made Using Linux http://soundcloud.com/polyp
  59. FIRST! by Anonymous Coward · · Score: 0

    First Post, suck it, bitches.

  60. Easy to crack manually by pmann79 · · Score: 2, Informative

    I've modified "protected" Word documents by opening them in Notepad and scrolling through the last few lines until I find a string of plain text that looks like a password (i.e. isn't a username or Word setting). Although this takes a bit more time for the searching, there's no need to modify the password at all.

  61. HELLO SIR FROM DELL NIGERIA by asternick · · Score: 0, Offtopic

    It has come to our attention that you have need of a modren computer of the protable varietal. I HUMBLY REPRESENT THE OFFICES OF THE DELL WHO HAVE IN OUR POSSESSION A SPECIAL PRICING IN ORDER TO DELIVER MODREN COMPUTERS OF THE PROTABLE FOR A MERE ONE HUNDRED US DOLLARS ($100.00). PLEASE FIND ATTACHED THIS QUOTE WHICH I AM SURE YOU WILL REMAIN IN THE STRICTEST CONFIDENCE.

  62. Digital Millennium Copyright Act (DMCA) not DCMA by NoSuchGuy · · Score: 0, Offtopic

    But who gives a shit about these acronyms that do not match or obscure the real reason for these laws?

    The
    HR
    passes the
    "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism"
    (USA PATRIOT ACT)

    and then the
    "Terrorism" Information Awareness (TIA) or "Total" Information Awareness (TIA)
    and now the United States Visitor and Immigrant Status Indicator
    Technology Program (''US-VISIT'');


    What do all these have in common?
    They all sound soooo harmless!

    --
    Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
  63. An easy way to accomplish the same thing by urlnotfound · · Score: 1

    Works with all author known versions of Word:

    1. Open the Word Document.
    2. Save it as Rich Text (RTF) format.
    3. Open the new RTF document.
    4. Unprotect the document.
    5. Save as Word document.

    It does not give you the password or let you save with the password intact, but is a very useful 'cheat' I have learned.

    --
    The voices in my head don't bother me. It's the voices in yours that do.
  64. Fine, yell at me for not RTFA immediately. by The+I+Shing · · Score: 1

    Yeah, I read the article after I posted in order to satisfy the curiosity that I expressed in my post about whether or not they were warned.

    Sure enough, they were, and they blew it off.

    Kind of makes me think of the Monty Python Crunchy Frog sketch when Mr. Hilton tells the man from Hygiene Squadron that his company's "Ram's Bladder Cup" chocolate treat is "garnished with lark's vomit."

    "Lark's vomit?!"

    "Correct"

    "It doesn't say anything here about lark's vomit!"

    "It does, actually, at the bottom of the label after monosodium glutamate."

    "I hardly think that's good enough! I think it would be more appropriate if the box bore a big red label, 'WARNING: LARK'S VOMIT!'"

    Similarly, I think it would be more appropriate if using the password feature on a Word document would bring up a big red alert dialogue box that reads "WARNING: YOU'RE NOT REALLY SECURING THIS DOCUMENT AT ALL!"

    Maybe it does do that and people just ignore it. I've never used the feature, so I wouldn't know.

    --
    You are in error. No-one is screaming. Thank you for your cooperation.
    1. Re:Fine, yell at me for not RTFA immediately. by Anonymous Coward · · Score: 1, Funny

      "I hardly think that's good enough! I think it would be more appropriate if the box bore a big red label, 'WARNING: LARK'S VOMIT!'"

      Our sales would plummet!

  65. OpenOffice by tds67 · · Score: 3, Insightful

    I would like to see this hack become a feature in OpenOffice.

  66. 0% Security and 100% Trouble by dimss · · Score: 2, Insightful

    All password protection that Microsoft uses in its products is an eternal source of inconvenience. There were at least three cases in the last five years when we had to use (il)legal cracking tools to recover _our own_ data in MS Access and MS Word when an employee forgot a password.

  67. Implications by Fjord · · Score: 1

    When SecurityFocus was asked about the implications of this finding, they would only comment "Dude, we're getting some Dells!"

    --
    -no broken link
  68. This is worse than no protection by Zork+the+Almighty · · Score: 1, Redundant

    Totally ineffective protection like this is worse than no protection at all. Thank you Microsoft for another useless "feature" which gives bad people an edge.

    --

    In Soviet America the banks rob you!
  69. Re:Missing Possessive by Anonymous Coward · · Score: 0

    Nasssty formses, they stoles it from us, yesss...

  70. You misunderstand... by wirelessbuzzers · · Score: 1

    Not everyone who uses a computer is a geek, you know.

    Yes, but everyone who programs for Microsoft is a geek. Their security people should understand this, and make a resistant system.

    --
    I hereby place the above post in the public domain.
  71. DRM in Office 2003 is unaffected by kylef · · Score: 5, Insightful

    First of all, if you read the article, you will understand that Microsoft has not been advertising these "Word document passwords" as true security mechanisms. Microsoft has been pushing its new DRM Features in Office 2003 as the Microsoft-approved method to secure Office documents.

    In fact, I doubt Microsoft really put much effort into making these document-modification passwords all that secure. They have been around for quite some time, and I doubt they have changed much or improved much over the years. I don't know anyone who was relying on these document passwords for their security, and Microsoft did not advertise this as a great feature of Word. In fact, the bug itself is limited in scope to protecting Word FORMS from being modified.

    In any case, the new DRM features in Office 2003 are much more sophisticated and will no doubt be much more difficult to crack. THESE are the security features that Microsoft is pushing today, and if you really want to lambast Microsoft Security, then you must point out a way to subvert these newer technologies that Microsoft is actually pushing.

    It would be very big news indeed if someone could succeed in copying an Outlook 2003 email marked with a "Do Not Forward" permissions flag. Indeed, if someone could even READ such an email on an unauthorized email client, Microsoft's newest security policies would be questionable. Until then, I'm not convinced this is anything more than FUD trying to convince people that Office is inherently insecure.

    1. Re:DRM in Office 2003 is unaffected by Overly+Critical+Guy · · Score: 1

      I don't know anyone who was relying on these document passwords for their security, and Microsoft did not advertise this as a great feature of Word. In fact, the bug itself is limited in scope to protecting Word FORMS from being modified.

      None of that matters, because Slashdot loves to post any minute "security flaw" of anything even remotely affiliated with Microsoft. It doesn't matter that there's a better technology that they've been advertising as actually secure (if someone uses standard password-protected forms in Word as a full-proof security measure, you know where the security fault lies), or that this only affects Word Form, or anything else. It still becomes big headline news because this is Slashdot.

      --
      "Sufferin' succotash."
    2. Re:DRM in Office 2003 is unaffected by budgenator · · Score: 1

      No, the problem is clueless people are possibly using an unintentional alteration avoidance mechanism as a security mechanism.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    3. Re:DRM in Office 2003 is unaffected by sydb · · Score: 1

      Sorry, I've never read the word "protect" as meaning "avoid unintentional alteration". To me "protect" means "secure (vb)."

      --
      Yours Sincerely, Michael.
    4. Re:DRM in Office 2003 is unaffected by TheSpoom · · Score: 1
      How to crack an email with a "Do Not Forward" flag:
      1. CTRL-A.
      2. CTRL-C.
      3. Alt-Tab.
      4. CTRL-V.

      If the document contains non-text data, you can also try the following method of retrieval:
      1. Print Screen.
      2. Alt-Tab.
      3. CTRL-V.

      DRM cannot truly limit the rights to content of the authorized recipient. There are simply too many ways around it.
      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    5. Re:DRM in Office 2003 is unaffected by cookd · · Score: 2, Informative

      Excellent point. The "lock" that has been broken is just that -- a lock, designed such that those who only use Word to edit the file can't edit the file without the password. This is the same as saying that a lock on a door is only effective against those who only come in through the doorway. The file isn't encrypted in any way, just locked. It is just a flag that tells Word to not let you view or edit the file until you've provided the password.

      There have always been a lot of ways around this lock. First, you can always generate a matching password (equivalent to picking the lock on a door). Or you can just zero out the password field in the file (the point of the "Security Advisory" linked in the article), which is like taking a door off of its hinges (I'm nearing metaphor breakdown here, but you'll just have to deal with it). Or you can just use some other editor (a hacked version of Word, a hex editor, or an Open Source editor) that lacks the programming to enforce the lock flag. That would be like ignoring the door and going for an open window or the back door or something. (Metaphor over, you can open your eyes now.)

      Remember that the file format was designed back when any non-trivial encryption was evil, and exporting it was considered espionage. Also remember that Word is targeted at students, teachers, and soccer moms just as much as it is targeted at CEOs and lawyers. The average Joe is satisfied with the trivial lock, and in fact would probably prefer less security, since that means if he/she is careless and forgets the password, the document can still be recovered (cost/benefit analysis: potential for damage if the document is opened by an outsider * probability that it will be opened by an outsider --versus-- potential for damage if my password is lost * probability that I will lose my password). Most people aren't protecting documents against evil government agents -- usually it is just their little brother or the guy in the next office that they need to keep out.

      Anyway, the bottom line is that this was never meant to be a safe deposit box, not even barbed wire and chain link. It is a simple lock, and just as a good screwdriver or a pair of bolt cutters can get you past a lock in no time, a real computer person would never even blink if confronted by something like this, and Microsoft never advertised it as anything else.

      On the other hand, they are now advertising new encryption and protection features that are the real thing. This time, they are making a strong claim of decent encryption: if you don't have the appropriate certificate, you're going to have a very hard time opening this document. Of course, once it is opened, the "Do Not Forward" or "Do Not Save Unencrypted" flags are once again just trivial locks, but that is a separate issue -- you have to open the document before you could do that.

      --
      Time flies like an arrow. Fruit flies like a banana.
    6. Re:DRM in Office 2003 is unaffected by Anonymous Coward · · Score: 0

      Overly Critical Guy has yet to put forward a coherent or logical argument for his tired and continually discredited views. He sure hates Slashdot, but he continues to post here!

    7. Re:DRM in Office 2003 is unaffected by overturf · · Score: 1

      > (suggestion to cut-and-paste or screenprint as a method of bypassing OF2003 DRM)

      Sorry, you've clearly never tried your suggestions. They both do not work, as they are explicitly disabled. You can't even connect with a kernel debugger and get the data out.

      Now, sure, you can point a webcam at the screen, or you can whip out a pad of paper and a pencil and transcribe -- but these are not really problems with a technology solution.

    8. Re:DRM in Office 2003 is unaffected by budgenator · · Score: 1

      Dude, nothing is secure, my user directory is password protected, but if somebody really wants in, eventually they'll get in. It's a matter of the cost of circumvention being greater than the benefits of circumventing that protects things, not a particular technology, or even Microsoft market-speak.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    9. Re:DRM in Office 2003 is unaffected by sydb · · Score: 1

      Well, if nothing is secure, then there is no such thing as a security mechanism, and your original post is meaningless (or theoretical).

      If what you are saying is that Word's document protection feature is broken or badly implemented, then say it. The only "unintentional modification avoidance mechanism" I can think of is the read-only flag. This is outwith the scope of security because it does not involve authorisation or authentication, the two components of access control, which is generally the same as security in computing.

      The addition of a password is clearly intended to limit access (to those who know the password); limiting access falls under authorisation, which is a security concept.

      --
      Yours Sincerely, Michael.
    10. Re:DRM in Office 2003 is unaffected by kylef · · Score: 1

      All editing features (such as copy/cut/paste) are explicitly disabled in a DRM Office 2003 document. Print Screen also does not capture the screenshot bitmap of a DRM Office 2003 document. It seems that [gasp] Microsoft knew these activities might be possible and decided to prevent them.

      As of today, the ONLY method known to "forward" an email or document with access permissions restricted is for its intended recipient to manually sight-copy it character by character. And if the document includes non-text items (such as an image), this is obviously quite difficult or even impossible.

      You are obviously correct in that there is no way to prevent an intended recipient from giving away "secrets" he or she has seen in a protected document. No protection mechanism can stop that. But you can absolutely prevent an intended recipient from copying the original document and sending it along to someone else whose view the author did not intend.

  72. Oh My! by RedA$$edMonkey · · Score: 0, Funny

    I can't believe they found a security hole in a Microsoft product. What has the world come to.

  73. Re:Nothing New - I know.... by captaink · · Score: 1

    um.. his "generic password" isn't a "generic password" at all.

    It is just a password that generated the same hash as his password.

    --
    --- If I were a fish, I'd be wet
  74. MS allows most users to think they are secure. by Futurepower(R) · · Score: 1

    There is a pattern here: Put in passwords, call it "protection", and allow users to believe they have security, when they don't. For example, Bart's PE Builder allows access to Windows XP systems, and changing the passwords, even when the password to the recovery console is not known. Recovery Manager changes passwords.

  75. Much ado about nothing. by Anonymous Coward · · Score: 2, Insightful

    "A ZDNet UK article says Dell uses password protected Word files to send quotes, which could make for a messy legal battle."

    ZDNet overreacts. All Dell has to do is digitally sign the word files with gpg. Better yet, screw Word files and distribute digitally signed PDF quotes.

    Word files are meant to be edited. This stupid password security is a bolt on hack to try to make Word files do something they were never intended to be in the first place: secure electronic documents. There are, and have been for a long time, much better solutions.

    1. Re:Much ado about nothing. by gnu-generation-one · · Score: 1

      "All Dell has to do is digitally sign the word files with gpg."

      Dell customers...

      Enough clue to use GPG...

      I'm not seeing the connection here?

  76. Re:Nothing New - I know.... by amw · · Score: 1
    I just checked your generic password
    Excuse the pedantry - the grandparent post didn't provide a 'generic' password, just one that had the same hash value as the password 'test'.

    (try protecting a Word 2000 or 2002 document with the password 'test', then unprotect it with the given password)
  77. Re:Nothing New - I know.... by captaink · · Score: 1

    you might also be interested in this comment

    --
    --- If I were a fish, I'd be wet
  78. Dell Protects Quotes? by akmolloy · · Score: 1

    This isn't true for us. I work for an .edu and get quotes from Dell for stuff on a weekly basis. All of Dell's quotes come as an HTML attachment.

  79. MOD PARENT DOWN, -1 : OSS SHILL by Anonymous Coward · · Score: 0

    nt

  80. This method doesn't work for me by JPM+NICK · · Score: 1

    I have a password protected word file from a teacher's edition of a text book on Java Programming. I just tried to open it, and if you do not enter the password correctly, you can not do anything. No re-saving it as a webpage, no editing it in notepad.

    1. Re:This method doesn't work for me by fishbowl · · Score: 1

      Screen shot and OCR? Dictaphone and a secretary?

      --
      -fb Everything not expressly forbidden is now mandatory.
  81. Re:Test Message by Anonymous Coward · · Score: 0

    Follow up

  82. Word Form Crack Actually Work? by major.morgan · · Score: 1

    Has anyone actually tried this method? I had several folks call me saying they couldn't actually save the HTML with the password (they get a warning that it will be removed). I have also tried and get the same thing?

    1. Re:Word Form Crack Actually Work? by netmask · · Score: 1

      It gives that error if you apply "Protect Document" under tools.

      They are talking about the feature under:

      Tools/Options/Save and then use a 'modify' password.

    2. Re:Word Form Crack Actually Work? by major.morgan · · Score: 1

      Have tried that also. Unless I am missing something, the vulnerability appears to be bogus. Starting to notice that others are unable to reproduce and at the same time I have found no claims on the web that anyone can.

      I would be surprised if Magnus @ MS Security responded if it couldn't be verified - though that would show how much they take security seriously.

      *maybe it only works in the German version of Word

  83. Re:Johnathan Asbutte by Anonymous Coward · · Score: 0

    If I knew someone with such a name, I'd make sure that it sucks.

  84. Checksum == modification check by ryen · · Score: 1, Informative

    >removing any trace of the modification.

    modification can be checked using a checksum of the original and suspect files. that is.. if the user knows how to obtain the checksums.

  85. Microsoft at it's best. by jrockway · · Score: 1

    Microsoft Word is the best product ever. It's the only text format that can carry viruses, and now it isn't even secure. Can anyone say digital signature?

    You can't forge those without a supercomputer or two. Geez.

    It really looks like M$ goes out of their way to be stupid. I mean I could come up with a better document encryption scheme, and I'm still in high school.

    Here it is: digitally sign the document if you don't want people modifying it. If you do modify it, digitally sign the diffs. Easy. To prevent people from reading it, encrypt it. It's simple, really. We have tools available for this, anyway. Just type your quote "I'll give you 3000 of model xyz for $31337. OK?" and feed it to gpg. Done. No need for proprietary formats, no need to shell out $500 for Office. It's done more securely, simply, and cost-effectively. I don't understand why people use M$ garbage!

    (And I know I'm going to get a reply like "How do you write papers without Word, smartass." LaTeX. Look at this essay for an example. :)

    --
    My other car is first.
    1. Re:Microsoft at it's best. by fishbowl · · Score: 1

      "You can't forge those without a supercomputer or two. Geez."

      More to the point, if you found that you could forge an encryption format that's generally accepted, you would be in a position to choose any target you'd like. With this ability, you could probably find sufficient legitimate endeavors so that you wouldn't need to commit fraud anyway, at least for the short time that you remain the only person who can routinely break "strong" encryption. It would be a super-power for a while...

      --
      -fb Everything not expressly forbidden is now mandatory.
    2. Re:Microsoft at it's best. by Insipid+Trunculance · · Score: 1

      Personally I disagree. M$ makes known that its password protection isn't secure. Nice to know that LaTeX is here but my grandma doesn't use it.

      get over it.

      M$ makes OS for the masses and by their requirements does reasonably well.

      Else apple and linux would have been on a different level altogether.

      --
      Wanted : A Signature.
  86. Re:Test Message by Anonymous Coward · · Score: 0
    Sorry, we can't read you in Tallahassee.

    TRY ALL CAPS.

  87. Last Save By... by WordUpCousin · · Score: 0

    Does anyone bother to check the "Last Save By" field in the document's properties? Shouldn't that give away the fact that the doc was edited?

    Another question.
    When Dell sends a quote, $3000 for a server for example, why would the customer EDIT the quote and return it.. wouldn't the Dell Sales Rep create ANOTHER quote and send it to the customer? Seems silly to me..

  88. A bit worrying... by sameyeam · · Score: 1

    ...that a big company such as Dell could be stupid enough to assume that word's password system would be secure. I mean, anyone who's used a computer for a few years knows that password protection like this is very rarely secure...look at the laughable "protection" on zip files for another example. If you want something to be secure you encrypt it...obvious, painless and free.

  89. I bet Bill Gate's car is easy to steal... by wcrowe · · Score: 1

    Sure, he locks the doors, but then he leaves the windows rolled down.

    --
    Proverbs 21:19
  90. Re:Missing Possessive by Anonymous Coward · · Score: 0

    Actually it does need a possessive. The "passwords" belong to the forms. But technically "form" should be singular, since the phrase implies the plural, so it doesn't need a possessive.

    Ah, English. Where there are more ways than Perl.

  91. Quotes are offers and subject to negotiation by coyote-san · · Score: 2, Interesting

    A while back I read an article on the legality of manually changing the HTML form used by some shopping cart software. Is it legal to change the price of a plasma screen TV to $250 instead of $5000? Could you force the seller to honor the adjusted price?

    The answer, surprisingly, is that the "hacker" had an excellent chance of winning in court. Quotes are offers and subject to negotiation. The burden is on the offerer to verify that the counteroffer is acceptable - they are always free to reject any counteroffer and insist on the original price. The company can either pay to have somebody check the prices in counteroffers (or to have somebody automate that check), or it can absorb the loss when it automatically accepts such counteroffers.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
    1. Re:Quotes are offers and subject to negotiation by Raven42rac · · Score: 1

      You are correct. A price quoted on a website is an offer. It is not binding. They can check it over and then if they accept it they charge you and you get your goods.

      --
      I hate sigs.
  92. So this is where we publish our hacks? by PetoskeyGuy · · Score: 2, Interesting
    From http://www.scalabium.com/faq/dct0153.htm

    Today I want to show how you may load some xls-file that is password-protected, and how to save xls into another file but without protection.
        {requires ComObj in the uses clause for CreateOLEObject}
        var
          xls, xlw: Variant;
        begin
          {load MS Excel}
          xls := CreateOLEObject('Excel.Application');

          {open your xls-file with its known password}
          xlw := xls.WorkBooks.Open(FileName := 'd:\book1.xls', Password := 'qq',
            ReadOnly := True);
          {save with other file name and an empty password}
          xlw.SaveAs(FileName := 'd:\book2.xls', Password := '');

          {unload MS Excel: quit the application, then release the references}
          xls.Quit;
          xlw := UnAssigned;
          xls := UnAssigned;
        end;
    Just replace the file names and password there. Not sure if it works on the latest version. Office Automation - coming soon to a worm near you.
    1. Re:So this is where we publish our hacks? by EvilTwinSkippy · · Score: 1
      You forgot "PROFIT!!!"

      No wait, that's only for financial projections in Excel.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    2. Re:So this is where we publish our hacks? by PetoskeyGuy · · Score: 1

      Not if you've installed the Enron Accounting Module. It can produce a profit calculation regardless of the input. Usually offset by a number of complex random graphs to include in the shard holders report.

  93. Signed PDF by Qrlx · · Score: 4, Insightful

    This came up at work. What happens if: You send out a contract as a Word doc email attachment. Customer changes the language of the contract, signs it, prints it, then mails it back. We could easily sign that without noticing the difference.

    We decided to send out digitally signed PDFs instead.

    1. Re:Signed PDF by Koldark · · Score: 1

      If the PDF is created as a text PDF, that can be modified in notepad. I have modified one myself once. Not a contract though, and I don't know what the digital signatures would do to it.

      --
      Mike http://thenextgenerationofradio.com
    2. Re:Signed PDF by oliphaunt · · Score: 1

      And if you were in a business where contracts mattered, you would send dead trees...

      --




      Humpty Dumpty was pushed.
    3. Re:Signed PDF by Chester+K · · Score: 2, Insightful

      What happens if: You send out a contract as a Word doc email attachment. Customer changes the language of the contract, signs it, prints it, then mails it back. We could easily sign that without noticing the difference. We decided to send out digitally signed PDFs instead.

      Unfortunately that doesn't close the "customer changes it, prints it, signs it, sends it back, and we sign it without noticing" hole.

      --

      NO CARRIER
    4. Re:Signed PDF by Cardbox · · Score: 1

      This is why the only secure way of dealing with contracts is preprinted boilerplate with space for hand-writing the variable details.

    5. Re:Signed PDF by Anonymous Coward · · Score: 0

      "We could easily sign that without noticing the difference."

      Shame on you for signing a contract that you haven't read. (You *thought* you had read it, but that's not good enough.)

      You deserve the consequences if you sign something without reading it. And if you are in a situation where it could "easily" happen, your problems start someplace else anyway.

    6. Re:Signed PDF by EvilTwinSkippy · · Score: 1
      Nobody wants to hear that the best solutions are the simple ones, I'm afraid.

      The straightforward and simple ones. Hell, Lao Tzu said as much a few thousand years ago. There is a portion of our population that is just plain devious. They think that by being clever they can make the rules not apply to them.

      That's why we like the first matrix movie so much. The heroes could do what we always wished we could do, literally 'think' their way out of our normal physical bounds. Come on, everyone admit it. Ok, that and Kate Moss in spandex.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    7. Re:Signed PDF by Anonymous Coward · · Score: 0

      Kate Moss?

      I think you have the wrong woman.

  94. Do What (Good) Lawyers Do by SPYvSPY · · Score: 1

    Run a comparison against the original in DeltaView or some other third party app. Then you'll see the changes, no matter what monkey business intervenes.

  95. Password protection as legal defense is foolish by WeeGadget · · Score: 1
    To expect that password protection in documents can prevent modification to a document is utterly foolish... if a file can be read, its bytes can be changed and saved as a new file.

    The only legally defensible approach to digital document integrity is digital signatures with public/private keying. Digital signatures do not prevent modification, but instead can be used to prove that a document has been modified without consent of the original signer.

    Current digital signature technology is capable of providing overwhelming legal proof that the integrity of a document is tied to the secrecy of a private key.

    Oddly enough, the legal strength of digital signatures is frightening to businesses. If Dell price quotes were digitally signed, and someone presented a Dell price quote with valid digital signature in court... Dell's only defense would be that Dell made a mistake... or that someone got access to the private key without Dell authorization. That's a difficult legal position for Dell. Better to use some cheesy password-in-the-document crap that is easily discredited in court, so Dell can claim the quote has been tampered with and therefore not binding.

    I don't mean to pick on Dell in particular... I think many companies are wary of digital signatures because of their legal strength.

    Jono

  96. snake oil by MoFoQ · · Score: 1

    isn't this old news? That M$ and security is a contradictory tautology?
    It's more secure to use ZIP (not WinZIP since WinZIP has a security weakness) or better yet, use RARs.

  97. Can't have it both ways by CaptainSuperBoy · · Score: 3, Insightful

    I'm sure that some people here are laughing at Microsoft for its "lax security." Of course if you really wanted to protect a Word document you could use Office 2003's built-in encryption features, which rely on Windows Rights Management. Yet the people who criticize Microsoft for Word's "security hole" are also the most vocal opponents to anything having to do with trusted computing, including Windows Rights Management. You can't have it both ways, you know. You can either accept that Microsoft's WRM already has a solution to this issue, or you decide that the additional security that WRM provides isn't worth the imagined "privacy and freedom" implications. But don't say that MS should make their file formats more secure while at the same time dismissing WRM.

    1. Re:Can't have it both ways by Anonym0us+Cow+Herd · · Score: 2, Informative

      I don't know what "both ways" you're talking about.

      I can assure you it is possible to have secure encryption, secure digital signatures without DRM.

      GPG and PGP are examples of both, without DRM.

      Try reading the book Applied Cryptography.

      It would be most certainly possible to encrypt a document using a password, using a secure encryption mechanism, such that it cannot be decrypted without the password.

      Similarly, it is possible to take a secure (i.e. MD5) hash of a document, and then compare that document if it comes back to you to be sure it is the original. Applied Cryptography details numerous protocols for conducting business, signing documents, and many other useful things. All securely. All without DRM.

      --
      The price of freedom is eternal litigation.
    2. Re:Can't have it both ways by major.morgan · · Score: 1

      I think we are all talking about 3 different levels of security here. The document security in Office docs is pretty basic (and apparently flawed), but its intent is to prevent casual and/or accidental changes to a file - not as a robust security mechanism. Moving up to utilizing encryption/signatures does provide strong protection against changes to a document as well as providing verification of a document's origin or integrity. WRM/DRM provides something entirely different on top of that - distribution control. The ability to prevent someone from making a copy of a document (and optionally changing the copy), forwarding the document or even keeping a copy in another location. These are powerful abilities ON TOP of what signatures/encryption provide and something probably very attractive to corporate/governmental entities. I think everyone's problem with DRM is that information is no longer free - it can be controlled, and even made to disappear (even from those who have a copy and had access at one point). That is a social problem and not a security one per se.

      The bottom line is that Microsoft does have a secure answer for protecting documents - it's just a question of if you want to accept the consequences of using it.

    3. Re:Can't have it both ways by Anonym0us+Cow+Herd · · Score: 1

      I'm sure that some people here are laughing at Microsoft for its "lax security." Of course if you really wanted to protect a Word document you could use Office 2003's built-in encryption features, which rely on Windows Rights Management. Yet the people who criticize Microsoft for Word's "security hole" are also the most vocal opponents to anything having to do with trusted computing, including Windows Rights Management. You can't have it both ways, you know.

      My argument is with this statement you made. The last sentence. You can have it both ways.

      You CAN have no-DRM, and also have security.

      The fact that Microsoft Office 2003's security relies on WRM is Microsoft's problem.

      Yes, I should poke fun at their poor security. At the same time, Yes, I should criticize them for promoting DRM. In so doing, what I'm asking for is both: (1) security, and (2) no-DRM. And you CAN, CAN, CAN have it both ways.

      --
      The price of freedom is eternal litigation.
    4. Re:Can't have it both ways by Anonymous Coward · · Score: 0
      You CAN have no-DRM, and also have security.

      Except that your methodology is DRM. DRM isn't some hocus pocus magic, it's PKI.
    5. Re:Can't have it both ways by major.morgan · · Score: 1

      I do agree - security is possible without submitting to DRM (i.e. having it both ways). You just can't have it both ways with Microsoft. They have chosen to position their offerings at the opposite ends of the spectrum - 'not really secure' and 'secure + DRM'. My point was that DRM does actually provide something beyond encryption/signatures, and there is good and bad that comes with that.

      BTW- I wasn't responsible for the original comment.

    6. Re:Can't have it both ways by tiger99 · · Score: 1
      Can you trust Windoze Rights Management? I can't recall a single Microsoft security feature, EVER, that was secure.

      To have any degree of confidence, the algorithm would need to be open to inspection by anyone, as is often stated by the experts. That can only be done in an open source environment.

      It is amazing that people who have been caught out again and again by the defective junk produced by the Convicted Monopolist continue to believe that the next product will be better than what went before, when the track record is one of constant FAILURE. Yes, that is right, MICROSOFT AND PARTICULARLY BILL GATES ARE FAILURES. What is truly amazing is that people, by their stupid purchasing of junk, put these people there, and keep them there, and continue to imagine that their products are the best.

      But, the automobile industry in several parts of the world including the US and the UK used to be like Microsoft, producing JUNK. (Junk for different reasons in these markets, the US junk were bloated, ugly, gas-guzzling, with bad handling, poor brakes, and lots of other problems, but might have been put together well, but the in UK were often elegant, economic designs which were actually nice to drive when they were working, but invariably put together very badly, due to a combination of mismanagement and union troubles. The common element in both cases was that there were always some details where the designers had been utterly negligent, and these never got fixed, even through many years of revisions and updates.) Look what happened, Mr Honda, or maybe Mr. Toyota or Mr. Datsun had an idea one day, and said "let us implement proper QA systems and give proper attention to detail" or words to that effect. They first cleaned up their home market (their products had also been junk at one time) and then they clobbered the manufacturers of junk worldwide. None of their products were outstanding, often the handling was a bit dull, there was not a nice "European" feel, for example, nor did they have the edge where fuel consumption was concerned, but they were and are put together carefully, and for the first few years of their life were and still are extremely reliable. They almost wiped out the native US and UK industry, because their products, although a bit dull for the discerning driver, were simply reliable.

      The same will happen to the junk software industry, one day soon it will only have a niche market, like Rover or maybe Chrysler, a mere shadow of its former self. The reason will be that people would prefer a slightly dull OS, without quite all the bells and whistles, that is reliable. Now, the Japanese, and indeed most Oriental nations, are embracing Linux and Open Source. It is quite obvious what will happen, PCs will start to come from the factories in the Orient with a good, stable, slightly stodgy software suite already installed. People will notice the stability, security, low cost, and will hardly notice a few missing features that they don't use anyway. Microsoft, just like Rover, will be selling off parts of their campus to property developers in order to survive.

      And all because they systematically, over many years, FAILED to attend to the real issues.

  98. The impact by dtfinch · · Score: 1

    The problem is not that this hack allows you to edit protected documents, because anyone who can read it could just reproduce the document from scratch, and the password protection is not intended to prevent reading. The problem is that after editing with the hack, the document is still protected with the same password. Previously, if the document was still protected, you could be sure that only someone who had the password could have edited it.

    They should not have stored just the password hash, but rather a combined cryptographic hash of the password and the form. Then it would be computationally infeasible for someone without the password to edit the form without detection.

    Plus a 32 bit unsalted hash is pretty goddamn weak in the first place. You gotta wonder where their 6+ billion a year (only 1/5th of their revenue) R&D budget goes. Certainly not even 1/100th of that goes into their products.
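
The design difference described in the comment above, as an added Python example that is not part of the thread and not Word's implementation: a protection field derived from the password alone still verifies after the body is edited, while a field computed as an HMAC over the body under a password-derived key does not. The document layout, the truncated SHA-256 stand-in for the 32-bit hash, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed model: a "document" is a dict with a body and a protection field.
# This is not Word's file format; it only mirrors the two designs discussed.


def weak_hash32(password: str) -> str:
    """Stand-in for a 32-bit unsalted password hash (assumption: truncated SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()[:8]


def protect_password_only(body: str, password: str) -> dict:
    """Design A: the stored field depends on the password alone."""
    return {"body": body, "field": weak_hash32(password)}


def verify_password_only(doc: dict, password: str) -> bool:
    """Check the stored field against the password; the body is never consulted."""
    return hmac.compare_digest(doc["field"], weak_hash32(password))


def _derive_key(password: str, salt: bytes) -> bytes:
    """Salted, slow key derivation so the stored tag is not a bare password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def protect_bound(body: str, password: str) -> dict:
    """Design B: the stored field is an HMAC over the body, keyed from the password."""
    salt = os.urandom(16)
    tag = hmac.new(_derive_key(password, salt), body.encode(), hashlib.sha256)
    return {"body": body, "salt": salt.hex(), "field": tag.hexdigest()}


def verify_bound(doc: dict, password: str) -> bool:
    """Recompute the tag over the current body; any change to the body breaks it."""
    key = _derive_key(password, bytes.fromhex(doc["salt"]))
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(doc["field"], expected)


def edit_body_keep_field(doc: dict, new_body: str) -> dict:
    """Model of an edit that leaves the stored protection field exactly as it was."""
    edited = dict(doc)
    edited["body"] = new_body
    return edited


def compare_designs(password: str = "constructed-sample-password") -> dict:
    """Run both designs over a constructed quote and report what the owner can detect."""
    original = "Quote: 10 units at 300.00 each"   # constructed sample text
    altered = "Quote: 10 units at 3.00 each"      # constructed sample text

    doc_a = edit_body_keep_field(protect_password_only(original, password), altered)
    bound = protect_bound(original, password)
    doc_b = edit_body_keep_field(bound, altered)

    return {
        # True means the owner's check still passes, i.e. the edit goes unnoticed.
        "password_only_edit_passes": verify_password_only(doc_a, password),
        "bound_edit_passes": verify_bound(doc_b, password),
        "bound_original_passes": verify_bound(bound, password),
        "bound_wrong_password_passes": verify_bound(bound, "not-the-password"),
    }


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(f"{name}: {value}")
```

The owner of the password can run the second check on a returned file; a signature scheme is still needed if third parties without the password must verify it.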

  99. This is all a bit silly by JackAsh · · Score: 0, Flamebait

    I mean, honestly.

    What the author is complaining about here is that someone can take a WORLD OPENABLE FILE and modify it.

    This is the exact same thing that we see on Slashdot every other day regarding DRM files. Repeat after me: If you can open it, you can change it. Heck, you can probably cut and paste the contents into a new unprotected Word document!

    The only news here is that you can "reinsert" the password into the document. Big whooptie doo. Because if I were to publish a form in a public location I would not keep a protected backup elsewhere for it.

    What's next?

    "A researcher has discovered that by opening a document on one PC he can retype the document on the PC to his right in an unprotected format. The style of the document needed a little tweaking to match the original, but it was doable".

    I mean, SERIOUSLY. These files merely have a small protection against being overwritten accidentally. If you want real protection in the Microsoft world, use EFS, share permissions, something else.

    Word has a couple levels of protection:

    1) Change protection. This is merely a stupid password to make sure you don't accidentally change the document, make sure you can only write in certain fields, etc. It's a poor man's DRM.

    2) Read protection. This is true encryption. It was really poor under Office 95, but from Office 97 and forwards it has been significantly strengthened, to the point where it's now a pure brute force attack. Pick a line from a song as a passphrase and you won't break the document open in a million years.

    Office 2003 is supposed to have some magical DRM properties that go even beyond these capabilities in that you can permission a document to be readable but not printable, you can forward only within an organization or you can expire the document in three days. When we see an article on how to break that (beyond digital camera and OCR) I'll be impressed.

    -Jack Ash

    1. Re:This is all a bit silly by man_ls · · Score: 1

      The enhanced rights management requires a server on the network to orchestrate it; none of that checking is done within the file itself.

      Only effective within an organization really.

  100. Somewhat OT Electricity Story by chadjg · · Score: 2, Funny

    I helped a family member install a washer/dryer set. It took 220v/60hz and he hadn't installed the plug onto the bare wires.

    We asked my dear cousin if the breaker was set to "off," asked her to double check, and then went to work. I went to work and accidentally bumped the wires, causing a huge arc about 2 inches in front of my eyes.

    I was lucky to live, folks. I'm not sure who the bigger fool was, me or my cousin. The lesson is that a wire isn't dead until you have personally checked it, and checked it again. Even then you have to be careful.

    I'm pretty new to high voltage electronics and information security, but I have learned a lesson.

    It seems to me that even if you use this Word feature, and know what it does, you can't count on your documents being secured. Another ignoramus will come along and screw it up and you won't know it. I really despise half solutions. They are as useful as almost making a jump over the Grand Canyon.

    Now, we all know what the information security equivalent to lockout/tagout is, right?

    Done venting now, thanks.

    --
    Why do I have this? I don't smoke.
    1. Re:Somewhat OT Electricity Story by zcat_NZ · · Score: 1

      220V?!!! OMFG You could have been KILLED!!

      Sheesh, get hard. All our household wiring is 240v, and I've done plenty of work 'live' on it. Had a couple of shocks too!

      Anyway, I'd just like to point out how totally insecure Linux is; on almost any major distro you can boot with init=/bin/bash, remount root and change the root password. If you make a backup of /etc/shadow you can even set it back afterwards. CF Windows, where you at least need a bootable install CD to change the admin password and cannot trivially restore it back to what it was!

      --
      455fe10422ca29c4933f95052b792ab2
    2. Re:Somewhat OT Electricity Story by madcow_ucsb · · Score: 1

      He could have been. Usually it'll just hurt a lot since the current'll only flow thru your fingertip or something.

      But even our pussy 110 can fuck you up right good if it goes hand to hand thru your torso...it's all about what path the current decides to take.

      It takes about 100mA in the right place to kill you. Different bodies have wildly different resistances, but it takes a lot less to kill you than a lot of people think. So go ahead and work on the 240, but best to do it with one hand...

    3. Re:Somewhat OT Electricity Story by epsalon · · Score: 1
      The correct way to work with electricity
      1. Tell everybody you're going to work on XYZ
      2. Shut down electricity to working area
      3. Test your tester screwdriver with a LIVE socket to make sure it works
      4. Test the place you are working, to make sure it's not live
      5. Work as if the wires were live anyway, and periodically re-test


      I once turned on electricity to where my father was fixing something (he didn't tell everybody), and he managed to find it out before hurting himself.
    4. Re:Somewhat OT Electricity Story by prefect42 · · Score: 1

      Unless you bother with a bootloader password, and set the BIOS to only boot the hard disk... So yes, if you don't bother with any security, then it's not secure.

      --

      jh

    5. Re:Somewhat OT Electricity Story by Mikkeles · · Score: 1

      1. Tell everybody you're going to work on XYZ

      2. Shut down electricity to working area

      2a. Post a sign at the shutoff
      2b. Tape over the circuit breaker or fuse opening
      --
      Great minds think alike; fools seldom differ.
  101. Submitter's information about Dell is incorrect by Anonymous Coward · · Score: 0

    Dell doesn't use those types of files to send out quotes. They just send out HTML emails with the quote information, and the contact info of the salesperson and their quote number. This isn't an insecure situation because the sales agent knows what quotes they've sent out, and the quote number will pull that (and only that) information right back up, no matter what some silly person might do with the email they were sent.

    Even if someone did modify those emails and send them to a different rep, the rep is just going to punch in the quote number (which would have the correct price) to get the configuration up instead of messing around redoing the configuration.

  102. that's old.. by Anonymous Coward · · Score: 0

    Funny, About a year ago some client asked me how to edit password protected M$ Word documents. After some fiddling I discovered when exporting the file to HTML and removing the obvious "Forms" tags and importing it again, the password was gone. It's been on my site since for people to abuse because I love M$ ..yeah right!

    http://www.lostboi.com

  103. Irreproducible? by major.morgan · · Score: 2, Interesting

    Myself and others have tried to reproduce the bypass and cannot. I have created several forms documents as well as found existing ones to try it on. Whenever I save as HTML, the w:UnprotectPassword tag is not present. Initially I had problems with the HTML compatibility settings, which I got worked out, but even after using every logical combination of settings I still do not get the tag. I have tried different methods of protecting the document, still no password hash in the HTML.

    I can easily bypass the document protection, but not in a way that is not noticeable.

    What am I missing or has anyone successfully reproduced?

    1. Re:Irreproducible? by major.morgan · · Score: 1

      I forgot to add a little flame attractant:

      I'm beginning to wonder if this is another example of blind MS bashing - OOOH look how insecure they are again - without even seeing if it's true. On the other hand I suppose after as many verified holes, another one isn't that hard to accept on its face.

    2. Re:Irreproducible? by tribal · · Score: 1

      I have had the same results. Can anyone offer any suggestions to reproduce this?

    3. Re:Irreproducible? by g.law · · Score: 1

      In a way, I wish it were true. My organization uses Office forms heavily - for collaborative purposes - and the forms are protected for the user's convenience, not to protect valuable information. I have a few forms that were created by my predecessors that are broken and cannot be easily fixed or reproduced without the password, which has long since been lost, or a lot of free time. I was excited when I read that I should be able to get into them finally and fix them. But disappointed when I could not reproduce the results. If anyone is able to reproduce this, please post more information.

  104. Dell quotes by greygent · · Score: 1

    Weird, we never get Dell quotes as .DOC files. They're always .HTML

  105. This is so *old* by moeffju · · Score: 1

    I can't say how much it annoys me that something this simple and old makes it to SecurityFocus, let alone Slashdot.
    I have been doing this for some years to get rid of forms protection, and there are many ways to.
    Saving as RTF works, saving as HTML (the full-blown word format), then deleting the password (as done here) works, save as HTML, then copy&paste to a new word document (does not copy the password) etc. pp...

    --
    follow me on Twitter: http://twitter.com/moeffju
  106. Try this by Anonymous Coward · · Score: 1, Interesting

    This will work to crack in excel. Maybe word too? Just goes to show how cake these passwords are to crack!

    Sub PasswordBreaker()
        'Author unknown
        'Tries 12-character candidates (eleven "A"/"B" positions plus one
        'printable ASCII character) until the active sheet unprotects.

        Dim i As Integer, j As Integer, k As Integer
        Dim l As Integer, m As Integer, n As Integer
        Dim i1 As Integer, i2 As Integer, i3 As Integer
        Dim i4 As Integer, i5 As Integer, i6 As Integer
        On Error Resume Next
        For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
        For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
        For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
        For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126

            ActiveSheet.Unprotect Chr(i) & Chr(j) & Chr(k) & _
                Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & _
                Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
            If ActiveSheet.ProtectContents = False Then
                MsgBox "One usable password is " & Chr(i) & Chr(j) & _
                    Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
                    Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
                ActiveWorkbook.Sheets(1).Select
                Range("a1").FormulaR1C1 = Chr(i) & Chr(j) & _
                    Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
                    Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
                Exit Sub
            End If
        Next: Next: Next: Next: Next: Next
        Next: Next: Next: Next: Next: Next

    End Sub

  107. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  108. How about this one? by whterbt · · Score: 2, Interesting

    KB article 189126, two clicks away from the article referenced in the parent, offers this nugget of wisdom:

    The password-protection systems built into Microsoft programs are designed to be unbreakable; there would be no point in including a password-protection system that could be broken.

    Well, then, Microsoft, why is there a breakable password system in your product?!

    --
    Too late to be known as Bush the First, he's sure to be known as Bush the Worst.
    1. Re:How about this one? by mosschops · · Score: 1

      Then further down the same article it says "However, you may be able to obtain assistance from a third-party password breaker."

      What part of unbreakable don't they understand? :)

  109. Confused by shaunbaker · · Score: 1

    I'm really not sure what all the fuss is about. I don't think Microsoft made any real errors in designing this feature this way. The new DRM stuff they are coming out with is where the real security is and if that were to be broken then this "hack" would be a big deal. This feature is more just a nice tool for office use so that you can send out a form over email and get it back, completed and in the proper format.

    The key is stored hashed in the file, no one, not even Microsoft ever touted this as true security, but good enough for the intended use without making it so complex as to make the feature unusable for the average joe office clerk.

  110. Nice by AmishSlayer · · Score: 1

    > IIRC .ZIP files were stored in plaintext, so you could easily unlock it with viewing it in a hex editor

    YDNRC (you do not recall correctly)... zip files use XOR or some other simple encryption measure with the password as the key, it is not stored. The best Zip crackers take hours to crack a zip with a password length over 6 characters.

    PKzip has a patent on and is using real encryption on their zip files which offers much greater protection than a zip file.

  111. some forms of XOR are not weak by js7a · · Score: 2, Informative
    Remember, XOR is used for one time pads, the strongest form of encryption.

    XOR against a passphrase is weak.

    XOR against a repeating secure (irreversible) hash of the password is technically weak but in practice very strong unless the message is dozens of times longer than the hash.

    XOR against a successive concatenation of secure hashes is strong, fast, and simple. There is no reason to believe 3DES is any stronger. Plus, it's the same algorithm for encrypting and decrypting. Pseudocode:

    1. secureXOR(input[], key):
    2. pad = SecureHash(key); /* e.g. MD5 or SHA[1-n] */
    3. length = LengthOf(SecureHash); /* e.g. 128 for MD5 */
    4. ptr = 0;
    5. output[ptr..ptr+length] = input[ptr..ptr+length] XOR pad;
    6. if (ptr > sizeof(input)) return(output[]);
    7. pad = SecureHash(pad);
    8. goto 4;
    1. Re:some forms of XOR are not weak by jrockway · · Score: 1
      --
      My other car is first.
    2. Re:some forms of XOR are not weak by Anonymous Coward · · Score: 0

      XOR is a simple mathematical function. It is not any form of encryption. If what you XOR against is generated in a cryptographically sound way, then the cyphertext is also cryptographically sound. Your meaningless spew of pseudo-crap is irrelevant to the article and to the thread you posted to. Lurk a little longer to learn how to karma whore.

    3. Re:some forms of XOR are not weak by TheMidget · · Score: 1
      If what you XOR against is generated in a cryptographically sound way, then the cyphertext is also cryptographically sound.

      I'm not sure whether you're trolling, or just being serious, but in some circumstances, XORing can weaken a cipher. Take as an example WEP, which is based on RC4 encryption, but rather than encrypting the transmitted data itself with RC4, it XORs its data with an RC4-generated repeating stream of data. RC4 by itself would be sound, but the way of applying it makes the setup weak.

      The attack against WEP does not attempt to crack RC4 (i.e. find out the WEP keys programmed into the access point), but it merely tries to find out portions of the blocks XORed against the data.

    4. Re:some forms of XOR are not weak by chgros · · Score: 1

      There is no reason to believe 3DES is any stronger
      The fact that it's been studied for several years before being accepted as a standard ? Besides, 3DES is relatively weak, and there's AES to replace it (which has also been thoroughly studied).
      It takes a lot to have a secure algorithm.

    5. Re:some forms of XOR are not weak by js7a · · Score: 1
      The fact that [3DES]'s been studied for several years before being accepted as a standard ?

      Please correct me if I am wrong, but last I heard, there is still an unresolved question about a trapdoor in DES.

      It takes a lot to have a secure algorithm.

      I think that may be something of a myth. Are there any reasonable attacks against XORing with a chain of secure hashes? MD5 has been around for over a decade, and nobody thinks it can be reversed yet. There aren't even any known collisions as far as I know.

    6. Re:some forms of XOR are not weak by Olivier+Galibert · · Score: 1

      And if you can guess the original value of any of the length-sized blocks you can xor the pad out and decrypt the whole document from this point onwards. As it happens, file headers tend to be predictable.

      Also two files encrypted with the same key will use the exact same pad. That's not good, and one of the reasons rc4 is frowned upon nowadays.

      XOR is very, very hard to use correctly.

      OG.
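The two weaknesses raised in the reply above (one guessed block exposes every later pad, and a reused key reuses the pad), run against the thread's hash-chain XOR scheme with the pointer advancing one block per step. This is an added example, not code from any poster; MD5 as the hash, the 16-byte header, the key and the sample quotes are constructed assumptions.

```python
import hashlib

BLOCK = 16  # MD5 digest size in bytes (MD5 is an assumed choice of hash)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def secure_xor(data: bytes, key: bytes) -> bytes:
    """Hash-chain XOR: pad_0 = H(key), pad_{i+1} = H(pad_i).
    Encryption and decryption are the same operation."""
    pad = hashlib.md5(key).digest()
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        out += xor(data[off:off + BLOCK], pad)
        pad = hashlib.md5(pad).digest()
    return bytes(out)


def recover_from_known_block(ct: bytes, known: bytes, index: int) -> bytes:
    """Decrypt from block `index` onward without the key.
    ciphertext XOR known plaintext yields that block's pad, and every
    later pad is just the hash of the previous one."""
    if len(known) != BLOCK:
        raise ValueError("need exactly one full known block")
    start = index * BLOCK
    pad = xor(ct[start:start + BLOCK], known)
    out = bytearray()
    for off in range(start, len(ct), BLOCK):
        out += xor(ct[off:off + BLOCK], pad)
        pad = hashlib.md5(pad).digest()
    return bytes(out)


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Same key means same pad: the pads cancel, leaving plaintext1 XOR plaintext2."""
    return xor(ct1, ct2)


# Constructed sample data: a predictable 16-byte file header plus a body.
HEADER = b"QUOTE-FORMAT-v1\n"
QUOTE_A = HEADER + b"Laptop x1, unit price 1499.00 USD, valid 30 days\n"
QUOTE_B = HEADER + b"Server x2, unit price 8200.00 USD, valid 14 days\n"
KEY = b"constructed-demo-passphrase"

if __name__ == "__main__":
    ct_a = secure_xor(QUOTE_A, KEY)
    ct_b = secure_xor(QUOTE_B, KEY)
    # The header alone is enough to read the whole of quote A.
    print(recover_from_known_block(ct_a, HEADER, 0).decode(), end="")
    # Two ciphertexts under one key: knowing A's body reveals B's body.
    leak = reuse_leak(ct_a, ct_b)
    print(xor(leak[BLOCK:], QUOTE_A[BLOCK:]).decode(), end="")
```

A per-file salt removes the second problem but not the first, because the pad chain is still computable from any single recovered pad.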

    7. Re:some forms of XOR are not weak by js7a · · Score: 1
      And if you can guess the original value of any of the length-sized blocks you can xor the pad out and decrypt the whole document from this point onwards....

      Good point. Start from the middle of the file and wrap around?

      Also two files encrypted with the same key will use the exact same pad.

      Yeah, I remembered that one last night. Salt the keyphrase with a random 32 bits; append the salt to the cyphertext. No longer the same algorithm for encrypting and decrypting. Any way around that which keeps the same algorithm?

    8. Re:some forms of XOR are not weak by Anonymous Coward · · Score: 0

      Take as an example WEP, which is based on RC4 encryption, but rather than encrypting the transmitted data itself with RC4, it XORs its data with an RC4-generated repeating stream of data.

      XOR'ing with a repeating stream of data does not constitute "XOR(ing) against (that which is) generated in a cryptographically sound way". Now who's trolling? What I wrote is an absolute. You did not point out an exception. In fact, you support my assertion quite well...

    9. Re:some forms of XOR are not weak by Olivier+Galibert · · Score: 1

      Don't try to fix it. Crypto algos design should be left to professionals, and I'm very much not one. I suspect, from memory, that what you're looking for, that is turning a hash into a cypher, is called "HMAC". Google for it :-)

      OG.

  112. Don't forget DRM!!! by Captain+McCrank · · Score: 1
    I've experimented with some of the Digital Rights Management features for email and office files in office 2k3, and they allow you to give certain people permission to read a file, but not copy (highlight&copy) or print it... For all the bitching about MS and DRM, it's actually pretty killer. No longer do I need to have a "password protected" Excel file filled with passwords :^)

    I can just give people access to the files independent of a something-you-know credential (outside of whatever's necessary for logon).

    It's pretty rad.

  113. Usually doesn't matter by dbIII · · Score: 1

    The only times people have emailed me password locked Word files they've included the password in the email! Anyone with a clue that has sent me information in word format which they didn't want the world to see has compressed it with zip and password locked the archive, simply to save space in transit.

  114. According to Microsoft, the password protection feature on Word is not intended to be secure, but should be regarded as a means to protect documents against accidental modification.

    That isn't exactly news. The DRM in Office 2003 is what they've been pushing as the professionally secure method to keep documents from prying eyes. This Word Forms standard password-protection is just that, standard password-protection.

    --
    "Sufferin' succotash."
    1. Re:DRM by Anonymous Coward · · Score: 0

      Overly Critical Guy has yet to put forward a coherent or logical argument for his tired and continually discredited views. He sure hates Slashdot, but he continues to post here!

  115. Unprotecting Word documents the easy way. by Anonymous Coward · · Score: 0

    Save the document as RTF. Close the document and re-open the RTF version. Unprotect it - you will not be asked for a password.

  116. not protection but authentication by wayne606 · · Score: 1

    Let's get the terms right - this has nothing to do with protection but rather with authentication. Anybody who relies on something like this that's short of RSA would be fooling themselves. And what's the point of Dell signing their quotes - is it so that customers who say "see, you promised me this system for $29.95" can be proven to be lying? Don't they store copies of all quotes they send out?

  117. Re:Missing Possessive by Zontar+The+Mindless · · Score: 2, Funny

    > IAAPN (I Am A Punctuation Nazi): the headline should read "Microsoft Word Forms' Passwords Cracked" or "Microsoft Word Forms's Passwords Cracked".

    Apparently IKEGBTYD (I Know English Grammar Better than You Do): Wrong. Nouns being used in a partitive or attributive sense are not possessives and do not require apostrophe + s. (You say "C compiler" and "dog food", and not "C's compiler" and "dog's food", right?)

    The headline is correct. Hard to believe since this is ./, but true.

    --
    Il n'y a pas de Planet B.
  118. And besides that.... by Anonymous Coward · · Score: 0

    ...The 'secure' file can easily be edited and the original password re-inserted, removing any trace of the modification. And then again, the hack allows someone to download such a file, edit it, and restore the password...effectively allowing changes to the file to go potentially unnoticed.

    And as so....

  119. why dont they... by Anonymous Coward · · Score: 0

    ... just gpg/pgp sign the bloody thing?

  120. Stinging indictment of Dell. by i_r_sensitive · · Score: 2, Interesting
    Really the thing I think we all should be taking from this is that Dell has some real morons making some rather important decisions...

    Why anyone would choose to use a Word document for the purpose Dell used it is completely beyond me. Are they so brainwashed over there that there was no exploration of the alternatives? Particularly in view of the fact that the app vendor (M$) specifically does not promote the use of that feature for security's sake.

    Really Dell, STFU, your precious relationship with Microsoft does not preclude using your brains when making software selections for sensitive processes like binding quotes...

    On the plus side, I'm sure I've got a Dell quote somewhere in the office... Hmmm, laptop for $15 anyone?

    --
    "Talk minus action equals nothing" - Joey Shithead, D.O.A.
    "Talk minus action equals /." -
    1. Re:Stinging indictment of Dell. by Anonymous Coward · · Score: 0
      What format should they use then?

      I mean - it sounds like an MD5 would be sufficient; or possibly just a good ole file signing.

    2. Re:Stinging indictment of Dell. by i_r_sensitive · · Score: 1
      Personally, for a binding thing like a quote, I'd use fax.

      Fax leaves a good paper trail, is transmitted over a private network, not nearly as liable to interception, with legally mandated service requirements. There is no ambiguity with faxing, you feed the sheet and it goes or doesn't, you know right away.

      For B2B, I'd say this is the safer solution. B2C you probably aren't sending quotes back and forth like this. They pay, or they buy elsewhere.

      --
      "Talk minus action equals nothing" - Joey Shithead, D.O.A.
      "Talk minus action equals /." -
  121. "Protection" is not what you think it is! by Tsu+Dho+Nimh · · Score: 1
    "password to modify" is used to prevent a user from altering the base text, usually accidentally.

    It does not prevent the form from being used normally - any user can fill in the form fields. If, as the BugTraq report states, "This feature is also often used to protect documents which do not even have form areas (quotations/offers etc.)" the authors of those documents are incredibly stupid.

    Under Tools/Options/Security is the better password protection scheme - you can use the "password to open" or just "password to modify" to allow reading but not changing the file. It's not invincible, but it's not as easy to crack as the "forms" password.

    1. Re:"Protection" is not what you think it is! by BlacKat · · Score: 1

      Um, you can use "Password to Open" which apparently encrypts the entire file, however, the "Password to Modify" does not and is what was hacked. ;)

  122. not that kind of quote by Anonymous Coward · · Score: 0

    they send you one of these:
    "Dood! You're getting a Dell!"

  123. the article was a joke by BubbleNOP · · Score: 3, Interesting
    This article is false. I just tried this in Word 2000 with a protected document. When I try to save it as HTML it brings up a dialog box saying that "some of the features in this document aren't supported by Web browsers" and "Password to unprotect document for tracked changes, comments and forms will be lost". In the resulting .html there is nothing about the password.

    Clearly the article was a joke. The Credits at the end of it give it away: "Magnus from the Microsoft Security Response Center for his fast responses and for showing a decent sense of humour. :-)"

    1. Re:the article was a joke by DaCool42 · · Score: 2, Informative

      There is a thread about this vulnerability on bugtraq. I would suggest you go there for first hand info.

      --

      ----
      All of whose base are belong to the what-now?
  124. oops by js7a · · Score: 1

    5. if (ptr > sizeof(input)) return(output[]) else ptr += length;

  125. Submitter's information about Dell is correct by Trejkaz · · Score: 1

    The submitter didn't say Dell use password protected Word files to send quotes, they said "a ZDNet UK article says Dell uses password protected Word files to send quotes"

    --
    Karma: It's all a bunch of tree-huggin' hippy crap!
  126. MS HACK by coyotedata · · Score: 1

    MS "Programmes" are just computer games, so why is hacking of them news.

  127. Not only was it never intended to be secure by Tristandh · · Score: 1

    ...like many people pointed out, it has been known for almost a week (since January 2nd to be precise).

  128. Definition of one-way function by Anonymous Coward · · Score: 0
    A function which is easy to compute but whose inverse is very difficult to compute.

    Source: FOLDOC

    1. Re:Definition of one-way function by mpe · · Score: 1

      A function which is easy to compute but whose inverse is very difficult to compute.

      A "many to one" function will work well since its inverse would have to be "one to many". If the function used is "one to one" then its inverse would also be "one to one".

  129. Non-linear, not one-way by IncohereD · · Score: 2, Informative

    A one-way function is simply some function which is not one-to-one. For example, consider the length function L which maps words to integers, e.g. L("bob")=3, L("A")=1.

    Think this one through. The algorithms used to sign PGP/GPG messages are one way. The reason being is that it's hard to come up with something else that maps to the same value.

    Using your length function example, considering the two e-mails from Alice

    "I love Bob"

    "I hate Bob"

    Would both parse to 1 4 3. Which means Eve could flip Alice's feelings for Bob, without invalidating the signature.

    That, my friend, is a crappy 'one-way' function. So crappy, that it's not really one-way.

    The "multiple inputs give the same output" thing just means it's non-linear. And all that that implies.

    1. Re:Non-linear, not one-way by chgros · · Score: 1

      The "multiple inputs give the same output" thing just means it's non-linear
      The correct term is injective. Linear is a wholly different matter. A linear function may give the same output for several inputs ; the constant 0 is linear.

    2. Re:Non-linear, not one-way by Anonymous Coward · · Score: 0

      There is a lot of FUD spewing around on this story. What makes a function one-way is -not- the ease of finding collisions. That's what you are talking about when you find another value with the same hashed output, it's a collision. What a one-way function defines is rather a function that creates an output that is unfeasible to be able to use to find the original inputs. This more or less means that to be considered "one-way", and not broken, it would have to be easier to brute force than to perform any mathematical operations on it.

      This isn't to say that just because you have to brute force it, it is a -good- one-way function. A good one has several aspects, including being resistant to the collisions that you talk about.

  130. cryptographic signing by Anonymous Coward · · Score: 0

    Maybe the people designing this garbage should take an introductory cryptography class. I think solving the problem of refutability is explained in the first class... Then again, most users are too dumb to understand how to use cryptography so I'm not sure who's dumber.

  131. Checksums anyone? by RedHat_Linux_Man · · Score: 1

    This hack allows someone to download such a file, edit it, and restore the password...effectively allowing changes to the file to go potentially unnoticed.

    And that my Dell friends, is why they invented checksums.
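What a checksum does and does not buy for a quote that comes back from a customer, compared with the keyed and issuer-side checks suggested elsewhere in the thread (signing, keeping copies). This is an added example, not any vendor's process; the `QuoteIssuer` class, the key, the quote id and the quote text are constructed assumptions.

```python
import hashlib
import hmac


def md5_checksum(doc: bytes) -> str:
    """Unkeyed checksum: anyone holding the document can recompute it."""
    return hashlib.md5(doc).hexdigest()


class QuoteIssuer:
    """Hypothetical issuer that tags each quote and records what it sent."""

    def __init__(self, issuer_key: bytes):
        self._key = issuer_key
        self._ledger = {}  # quote id -> SHA-256 of the document as sent

    def _tag(self, quote_id: str, doc: bytes) -> str:
        # Keyed tag over id + document; useless to forge without the key.
        msg = quote_id.encode("utf-8") + b"\n" + doc
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, quote_id: str, doc: bytes) -> dict:
        self._ledger[quote_id] = hashlib.sha256(doc).hexdigest()
        return {"id": quote_id, "doc": doc,
                "md5": md5_checksum(doc), "tag": self._tag(quote_id, doc)}

    def verify(self, package: dict) -> dict:
        """Run all three checks on a quote presented back to the issuer."""
        doc, quote_id = package["doc"], package["id"]
        recorded = self._ledger.get(quote_id, "")
        return {
            "md5_ok": hmac.compare_digest(md5_checksum(doc), package["md5"]),
            "tag_ok": hmac.compare_digest(self._tag(quote_id, doc), package["tag"]),
            "ledger_ok": hmac.compare_digest(hashlib.sha256(doc).hexdigest(), recorded),
        }


def edit_and_rechecksum(package: dict, old: bytes, new: bytes) -> dict:
    """Model an edited quote whose travelling checksum was simply recomputed.
    The HMAC tag is left as issued because the editor has no key."""
    doc = package["doc"].replace(old, new)
    return {**package, "doc": doc, "md5": md5_checksum(doc)}


if __name__ == "__main__":
    issuer = QuoteIssuer(b"constructed-demo-key")
    original = issuer.issue("Q-1001", b"Laptop x1, unit price 1499.00 USD\n")
    altered = edit_and_rechecksum(original, b"1499.00", b"15.00")
    print("original:", issuer.verify(original))
    print("altered: ", issuer.verify(altered))
```

The HMAC tag can only be checked by the key holder; a recipient or third party who must verify the quote independently needs a public-key signature such as the gpg/pgp signing proposed above.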

  132. Word is insecure crap, anyway by Safety+Cap · · Score: 3, Interesting
    Woody's Office Watch had a good writeup (and followup) as to why you shouldn't use Word for anything sent out to the public. The problem he cites is that Word stores all kinds of things that you probably shouldn't disclose to just anyone, such as...
    1. Last document editor's name, initials, and company
    2. Computer name last edited on
    3. Path (incl server name) of last save (Remember all those hacks that require the miscreant to know specific file path & names?)
    4. Previous editor's names
    5. Number of revisions and versions
    6. Template name and path
    7. Any hidden text
    8. Comments
    This is why you distill DOC to PDF before passing it around or posting it on the web, so none of the aforementioned information is inadvertently released. Yes, someone can still change it, but that's what digital signatures are for.

    Side note: PDF Passwords ARE TRIVIAL to break. Don't try to protect your PDFs from printing/copying/etc. with the built-in "security." It takes about 15 seconds with publicly-available software to crack any PDF.

    --
    Yeah, right.
  133. Mod this troll back down by PhrackCreak · · Score: 1

    Why bite? What two ways is captainsuperboy talking about? Why is microsoft's trusted computing the only available answer when decades of solid math can be used to actually protect documents? Why is WRM the answer, when RSA, ElGamal, SHA signatures have been in place, and have been cryptanalyzed by scientists?

    Please, mod this troll back down.

    --
    - You don't know how to maintain a station wagon either!
  134. Easier Way by Anonymous Coward · · Score: 0

    Open the protected document in Word, then Save,As to Type Word 6.0/95 (or another earlier version that didn't support these passwords). Close Word, re-open the Word 6.0/95 document, and then Save,As the latest Word format.

    That gets rid of the password, too.

  135. Why not use a DC? by inf0rmer · · Score: 0

    The only people that I know that use the password protect feature in Word are the sort of people that think locking their doors at night will keep the bad guys out - it ain't so...

    I've used Digital Certificates to protect the authenticity of Word documents for some time now, and it's a failsafe method.

  136. An even easier way by ngyahloon · · Score: 1

    Use Openoffice to open the password protected doc file. Save as another doc file. Hey presto! The password protection feature is gone. It worked for my open-standard-unfriendly digital scroll that came with some souped-up digital signature, it should work for any other documents.

    --
    Carpe Diem: Seize The Day!
  137. We had a demo of this years ago by Zog+The+Undeniable · · Score: 1
    It was on an Excel spreadsheet, but the utility worked on Word too.

    The basic principle of securing documents is logical access controls (e.g. passwords) == poor; encryption == good.

    Same applies to your hard disk. If it's not encrypted, I can either change your admin password or just stick the hard drive in one of my machines.

    --
    When I am king, you will be first against the wall.
  138. what a joke by Anonymous Coward · · Score: 0

    Microsoft is a joke -
    can't really say anymore
    except switch to Linux/BSD
    and be free of their supposedly
    great software.

  139. Client side security compromised by Anonymous Coward · · Score: 0

    film at 11.