The administrator can use this public key and matching private key later, if asked, to remove the password protection. When using Excel, Word and PowerPoint a public key information can be saved in the file header. There is an important difference between using this utility and encrypting files using Office 2013 (or later). Please don't contact me to send you how-to instructions, as I honestly do not know how it is done! Your files cannot be recovered, if passwords are lost, unless your Office installation is' backdoored'. The tool was tested with both Transitional and Strict ISO 29500 OOXML Excel files. Password opening protection can be removed almost instantly from files in batch, if passwords are known. Files are encrypted with the same strong AES algorithm (128 or 256) as used by Office. Hacking aside, normal Office users or developers can use this utility to encrypt or decrypt closed files from the command line in a batch process. However, the authors claim that it would be much easier to backdoor encryption in an undetectable manner in cloud environments. The attack does not seem easy to deploy on desktop installtions undetected.
I read the presentation and I encourage every IT admin or developer who is security minded to do so. Then, an attacker can use the master key to decrypt almost instantly Office documents, no matter what file open password was used. In summary, Shigeo along with his friend and Microsoft MVP Yoshinori Takesako discovered a vulnerability in the file format specification that may allow an attacker to decrypt strongly encrypted Office documents without knowing the passwords! This is possible by tricking MS Office into creating an undetectable secret master key, when encrypted documents are created. You can read about his presentation at the Code Blue 2015 international security conference in Japan here. The tool was developed as a proof of concept to demonstrate that backdooring Microsoft Office documents with secret master keys is feasible.
0 kommentar(er)
