• všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Security - News


Crypto - News | Security - News

02 / 2005
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Microsoft chybn? implementoval šifrový algoritmus RC4 !


Microsoft uses the RC4 stream cipher in both Word and Excel. According to a paper by Hongjun Wu - The Misuse of RC4 in Microsoft Word and Excel "In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily."

It's an amateur crypto mistake. The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document.

Zdroj: http://www.schneier.com/crypto-gram-0502.html#4
Autor: PV

Design: Webdesign