摘要: 根据微软官方文档、OpenOffice文档及wvWare实现等完全公开的信息,对RC4流密码及其在微软Office系列中的实现进行分析,认为Office 97~2003所默认使用的40 bit加密方式较不安全,通过结合Rainbow预计算攻击方法,证实其脆弱性。通过研究,建议不使用默认的“Office 97/2000兼容”40 bit加密,而采用更安全的“Microsoft Enhanced Cryptographic Provider”128 bit加密,或者使用压缩软件进行二次加密,从而进一步提高安全性。
关键词:
RC4流密码,
预计算攻击,
微软Office,
文档安全
Abstract: According to the open information from the Microsoft official documents, the OpenOffice documents and the wvWare project, this paper studies the RC4 stream cipher and its implementation in the Office 97~2003. The analysis discovers that the default 40 bit encryption method used by Office 97-2003 is very weak and insecure. Coupling rainbow precomputation attack, the encryption can be broken in 1 min~2 min. This paper suggests users do not rely on the default 40 bit “Office 97/2000 Compatible” encryption to protect your confidential information. On the contrary, the 128 bit “Microsoft Enhanced Cryptographic Provider” is preferred. It also recommends that users adopt the stronger encryption algorithm provided by compression softwares better when better security is necessary.
Key words:
RC4 stream cipher,
precomputation attack,
Microsoft Office,
document security
中图分类号:
何克晶. RC4流密码与微软Office文档安全分析[J]. 计算机工程, 2009, 35(23): 130-132,.
HE Ke-jing. Analysis of RC4 Stream Cipher and Microsoft Office Document Security[J]. Computer Engineering, 2009, 35(23): 130-132,.