计算机工程
計算機工程
계산궤공정
COMPUTER ENGINEERING
2009年
23期
130-132,135
,共4页
RC4流密码%预计算攻击%微软Office%文档安全
RC4流密碼%預計算攻擊%微軟Office%文檔安全
RC4류밀마%예계산공격%미연Office%문당안전
RC4 stream cipher%precomputation attack%Microsoft Office%document security
根据微软官方文档、OpenOffice文档及wvWare实现等完全公开的信息,对RC4流密码及其在微软Office系列中的实现进行分析,认为Office 97~2003所默认使用的40 bit加密方式较不安全,通过结合Rainbow预计算攻击方法,证实其脆弱性.通过研究,建议不使用默认的"Office 97/2000兼容"40 bit加密,而采用更安全的"Microsoft Enhanced Cryptographic Provider"128 bit加密,或者使用压缩软件进行二次加密,从而进一步提高安全性.
根據微軟官方文檔、OpenOffice文檔及wvWare實現等完全公開的信息,對RC4流密碼及其在微軟Office繫列中的實現進行分析,認為Office 97~2003所默認使用的40 bit加密方式較不安全,通過結閤Rainbow預計算攻擊方法,證實其脆弱性.通過研究,建議不使用默認的"Office 97/2000兼容"40 bit加密,而採用更安全的"Microsoft Enhanced Cryptographic Provider"128 bit加密,或者使用壓縮軟件進行二次加密,從而進一步提高安全性.
근거미연관방문당、OpenOffice문당급wvWare실현등완전공개적신식,대RC4류밀마급기재미연Office계렬중적실현진행분석,인위Office 97~2003소묵인사용적40 bit가밀방식교불안전,통과결합Rainbow예계산공격방법,증실기취약성.통과연구,건의불사용묵인적"Office 97/2000겸용"40 bit가밀,이채용경안전적"Microsoft Enhanced Cryptographic Provider"128 bit가밀,혹자사용압축연건진행이차가밀,종이진일보제고안전성.
According to the open information from the Microsoft official documents, the OpenOffice documents and the wvWare project, this paper studies the RC4 stream cipher and its implementation in the Office 97~2003. The analysis discovers that the default 40 bit encryption method used by Office 97-2003 is very weak and insecure. Coupling rainbow precomputation attack, the encryption can be broken in 1 min~2 min. This paper suggests users do not rely on the default 40 bit "Office 97/2000 Compatible" encryption to protect your confidential information. On the contrary, the 128 bit "Microsoft Enhanced Cryptographic Provider" is preferred. It also recommends that users adopt the stronger encryption algorithm provided by compression softwares better when better security is necessary.
