Most of the starvation could be solved if (not to make fun) we sent them luggage instead of food. They live in a desert with no food or water.. That's not a tragedy, that's natural selection.
At least credit Sam Kinison. (Not like he's gonna do anything about it.)
"...unlike the DW4000 that has separate transmit and receive modems stacked together and linked by a 24-pin serial cord."
;) Hey, my mo is fine, but I think my dem is busted!
Kringe! I think they mean "unlike the DW4000 that has separate transmit mo(dulate) and receive dem(odulate) stacked together..."
Or change your MAC address on your Windows box with this utility.
FYI, as of Office 2003, you have to have either W2K sp3 or WinXP. Office XP looks like the last one to support Win98.
;)
So we need a Windows version of SETVER.EXE?
If the passwords were of sufficient length, and encrypted with 128 bit encryption as is an option in newer versions of Word, then this is a moot point.
If your password contains more than 128 bits of entropy, then your 128 bit key has less entropy than your password. This implies more than one password could generate the same key (a.k.a. a hash collision). Nothing moot about that!
On the other hand, I believe the spec is about 1.8 bits of entropy per character for passwords, so to exceed 128 bits of entropy, you'd have to use >64 characters in the password, a rare occurrence in practice.
The difference between theory and practice? Well, in theory, there is no difference...
You can attach an encrypted checksum to it. To change the document, someone would have to know your password to encrypt a new checksum.
You know, I shouldn't even respond, but since you're not AC, I will...
Do not confuse authentication with defeating DRM. I said, if you can read it, you can copy it. (Actually, I said Bruce said. For reference, I recommend "Applied Cryptography" by Bruce Schneier. He's the Bruce I'm referring to. Good stuff!)
Now then, how does your checksum scheme defeat copying? Do you think anyone who copies the "uncopyable" cares? Or, if authentication is your issue, would you like to discuss the many ways authentication can be attacked? (For several ideas, read Bruce's book!)
I understand that if you wanted two passwords, one for read rights, and one for write rights, then you can run into problems.
Just an insurmountable problem (so no problem, right?). Remember what Bruce sez, if you can read it, you can write it.
OK, replying to your own post is lame, but here are the encryption types available under Word 2003:
Weak Encryption (XOR)
Office 97/2000 Compatible
RC4, Microsoft Base Cryptographic Provider
RC4, Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
RC4, Microsoft DH SChannel Cryptographic Provider
RC4, Microsoft Enhanced Cryptographic Provider v1.0
RC4, Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
RC4, Microsoft RSA SChannel Cryptographic Provider
RC4, Microsoft Strong Cryptographic Provider
I especially love the XOR encryption! (At least they call it weak...) For the other types, you can spec a bit length between 40 and 128 bits. Now I'm not sure what MS does to "enhance" these encryption types, but there it is, for what it's worth... (I wonder if Whitfield knows his name is contained within MS Word? ;)
Word document password protection has always been a joke. It's total cake to bypass it.
1. Open a new blank Word document.
2. Insert the protected document into the new document using the Insert command. You will NOT be asked for the password.
3. You now have the protected document, complete with formatting, content, etc., but with no password protection as your new document.
Nope, not since Office 98. Since Office 98, password protected docs are truly encrypted. It does indeed ask you for the password when you insert it.
And I just noticed that, in Office 2003 anyway, you can hit the "Advanced" tab and choose what kind of encryption you want (RSA, etc.), as well as bit length. Pretty cool!
If I recall, OpenOffice/StarOffice can open "encrypted" Word and Excel documents without the requirement of a password. I know this used to work for older versions...
Not since Office 98...
If your hack program only returns gobbledy-gook type passwords, how do you go about re-locking the document in such a way that your changes are undetected?
um, if your bruted password gens the same hash, why wouldn't the original (and unknown) password unlock it as well?
That's very interesting, but that's NOT what this article is about. This article describes how to modify "unmodifiable" fields. Here's the kick: Save the doc with "unmodifiable" fields as html and look at the source. There you will find a "key" in the metadata. Search for this key in the original doc with a hex editor. Zero it out, and voila, your fields are now modifiable.
Again, this article is NOT about how to remove a password from the document itself. Such docs are truly encrypted. (How well is an exercise left for the reader! ;)
Crap... I thought I had a low ID number...
You're not required to incriminate yourself. They couldn't have forced her to post those photos. But she did, and she's busted.
Yeah, she's busted alright...
I am hardly a troll, I have perfect Karma.
;)
Um, unless every post you've made hits a +5, your karma isn't perfect...
(And mine will take a hit for this post!
"but the Slashdot database regularly becomes confused, such as posting a comment to the wrong story"
That's not the db... around here, we call them "trolls"...
;)
Yes. But it is pointless. I apologize for my reactionary reply. You didn't deserve it.
Not sharing the results with the net security people is the giveaway. They wanted to fire you, and told the consultants that that was their goal. I'm in the biz, and what they did was way outside of accepted practice. So who is the company? We'd like to know who to avoid. I know the Big Four play this game, for their love is for money, not the best interests of their clients...
Obligatory reg-free Google link here.
Billy Bob, don't cha think ya got a little too much time on your hands?
I've been able to run multiple applications on a single system for many, many years now. It's called multi-tasking :) Or did they mean "running multiple operating systems on a single system", in which case isn't that redundant with the first part of the sentence (running both Windows and Linux on a single server)?
Also, wouldn't a "set of partitioning tools" be something like Partition Magic or fdisk? Or are we using a more generic form of the word partition? I've used VMware a lot, and I had to re-read this a couple of times just to make sure they weren't actually talking about something else.
If this comment isn't crying for a (-1, Karma Whore), I don't know one that does. I swear, reaping +1's from idiot moderators has become way too easy. OK, now give me my (-1, Offtopic).
You must be in Europe! Consumer ISDN isn't even dead in the US. It was never alive to begin with.
AVGAS may or may not be diesel (or highly refined version), so what they have may or may not be running their generators. Even if it's not a dead-on comparison, the principle is still the same.
I claim 127.0.0.0/8. If I ever feel the urge to talk to myself, I'm always listening right there.
You have an AWESOME warez server! But I always seem to have whatever it is already... Get anything new lately?
You think he's having a tough time without fuel? Try being a researcher with perpetual frostbite who happens to know precisely how much fuel it takes to keep the equipment running until the next supply comes in. Should I lower my environmental temp 2 degrees for three months for this guy? Not on my life!
It's not like he can fill up a five gallon can and be on his way. This guy is going to need some serious juice to get back where he came from...