[Gllug] Distribution Pecking Order So far

Paul Nasrat pnasrat at uk.now.com
Thu Oct 25 14:16:17 UTC 2001


On Thu, Oct 25, 2001 at 02:51:55PM +0100, Alex Hudson wrote:
> On Thursday 25 October 2001 2:27 pm, you wrote:
> > > I would be surprised if they had broken rc4(?) encryption.
> >
> > *blink*
> >
> > *blink again*  :-)  Where did that come from?
> >
> > They aren't encrypted, they're password protected.  The file's left
> > entirely intact, with a flag set in the document 
> 
> Really... I suppose that's why all those Word/Excel 97/2k crackers run 
> dictionary attacks on the file... much more efficient than ignoring a flag.

Yup RC4 

http://support.microsoft.com/support/kb/articles/q278/6/79.asp

Hmm, http://www.password-crackers.com/pwdcrackfaq.html

It looks as if you may be able to a key rather than a dictionary attack,
but still brute force (although slightly more efficient).

This seems to be the method used by most password recovery places.
Although I'm suprised no one has provided an free way of doing this.
I guess with a bit of toying you could set up a key brute forcer.  I
think the computation time is 7-10 days from what I've read.

Quick digging implies password hashed by md5 and the document RC4'd with no salt or seeds.

Hmm, time to dig out Applied Crypto from under the crap on my desk...

Paul

-- 
"we apologise for any inconvenience" - God's Last Message to His Creation
Courtesy of Douglas Adams

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list