jana
asked on
What is the encryption used in MS Office 2010 Outlook, Word Excel and are they possible to be breached
We use password for Outlook PST data files, Excel and Word documents. We would like to know what is the encryption used of each and since we have seen lots of software that offers to break these password on the Internet, we would like to also know EE view on how true that these apps can break them.
ASKER
We don't want to break the code just want to know encryption used; you have this info?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Phil,
The problem is not the process of decrypting, it's the process of hacking the password. The password is easily hacked which thus renders the encrypted data vulnerable.
Kevin
The problem is not the process of decrypting, it's the process of hacking the password. The password is easily hacked which thus renders the encrypted data vulnerable.
Kevin
Hey Kevin,
I guess you got my answer wrong even as the author also said here we are talking about Microsoft password encryption standards and its probability of being hacked, As the question demands.
regards
Phil
I guess you got my answer wrong even as the author also said here we are talking about Microsoft password encryption standards and its probability of being hacked, As the question demands.
regards
Phil
The author asked about breaking the encryption. This means converting the document from an encrypted state to an unencrypted state. It doesn't matter how many bits of encryption you use if the password can be hacked allowing the document to be decrypted and viewed. It really is that simple. And Excel's password scheme is relative simple to crack.
Kevin
Kevin
How easy an Excel password is hacked depends enormously on which password we are talking about here:
- Workbook Open password (not simple to crack, except by trying many passwords)
- Worksheet protection password (very simple to crack)
- Workbook structure protection password (very simple to crack)
- VBA password (very simple to crack)
- Workbook Open password (not simple to crack, except by trying many passwords)
- Worksheet protection password (very simple to crack)
- Workbook structure protection password (very simple to crack)
- VBA password (very simple to crack)
ASKER
Just to be clear, and like an EE oriented us in one of our previous questions, "it's the password chosen, that is the weakest link". So no matter how strong or secure or unbreakable is an encryption, if the password is weak, say "12345", then it can be hacked easily. FYI: we use long password or pass-phrase with mix characters.
That being said, we are not interested in hacking passwords. Our main concern are two (2):
That being said, we are not interested in hacking passwords. Our main concern are two (2):
1. When placing a password on the 3 MS Office apps below, what are the type of encryption per each:
Outlook PST
Word
Excel
In ID: 40587968, was answered "Microsoft office 2010 that uses a 128 bit key AES protection. AES – Advance Encryption Standard".
Can we conclude that the password entered in Output PST, Word Excel, all three are AES-128 bit or does each has their own encryption algorithm?
2. We have seen lots of software out there that offers to break these password on the Internet. In your opinion and based on the encryption type you guys mention, [b][i]how true is it that these apps can break have those password?[/i][/b]
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree with Kevin on this.
And if you're sending out Excel files (through email or otherwise), if there is any information in the file others really must not see, always make sure you remove that information prior to sending.
And if you're sending out Excel files (through email or otherwise), if there is any information in the file others really must not see, always make sure you remove that information prior to sending.
ASKER
Ok, based on your comments, the second part of our question is answered: How true the Internet-crack-apps are to break the security of the Ms Office apps - Very True (obviously, the stronger the password, the less probable to be jacked).
But we still are trying to identify what encryption if any is being used in the Ms Office app described above.
If the encryption is weak, then no matter the password length, the security will be breached. For example, to our understanding and what we have been googling, we found a link stating the easiest and weakest encryption (http://science.opposingviews.com/weakest-encryption-algorithm-3318.html): The 'Substitution Cipher Algorithm' method.
According to the link, this method replaces letters with different letters, or other symbols such as hieroglyphs. So if a password is made up of "Mary had a little lamb" becomes "Tzqa izd z nossld nztb." To break the cipher, you need only analyze how often the symbols occur and make educated guesses. In standard English, the letters "E," "T," "A," "O," "I" and "N" occur with the greatest frequency, so the symbols which occur most often in a substitution cipher will most likely be "Es" or "Ts." You find the remaining letters according to their decreasing frequency of use. With a little practice, most fifth-graders can master substitution ciphers.
We don't know what encryption Outlook PST, Word and Excel uses and since my previous entry "...all three are AES-128 bit or does each has their own encryption algorithm?" was not address, we would like EE assistance in identifying the encryption used if any bluntness apps.
But we still are trying to identify what encryption if any is being used in the Ms Office app described above.
If the encryption is weak, then no matter the password length, the security will be breached. For example, to our understanding and what we have been googling, we found a link stating the easiest and weakest encryption (http://science.opposingviews.com/weakest-encryption-algorithm-3318.html): The 'Substitution Cipher Algorithm' method.
According to the link, this method replaces letters with different letters, or other symbols such as hieroglyphs. So if a password is made up of "Mary had a little lamb" becomes "Tzqa izd z nossld nztb." To break the cipher, you need only analyze how often the symbols occur and make educated guesses. In standard English, the letters "E," "T," "A," "O," "I" and "N" occur with the greatest frequency, so the symbols which occur most often in a substitution cipher will most likely be "Es" or "Ts." You find the remaining letters according to their decreasing frequency of use. With a little practice, most fifth-graders can master substitution ciphers.
We don't know what encryption Outlook PST, Word and Excel uses and since my previous entry "...all three are AES-128 bit or does each has their own encryption algorithm?" was not address, we would like EE assistance in identifying the encryption used if any bluntness apps.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes that help lots! Thanx!
It has answer a lot of questions beside whet we entered here in EE. But also created more questions for us that obviously we will be looking into prior asking EE for help. In addition, helped us funnel our search in google and could locate a white-paper that talks entirely on the security & encryption in MS Office 2010 (here is the link incase other member find it helpful: http://www.microsoft.com/en-us/download/details.aspx?id=21869)
Thanx EE for all your help!
It has answer a lot of questions beside whet we entered here in EE. But also created more questions for us that obviously we will be looking into prior asking EE for help. In addition, helped us funnel our search in google and could locate a white-paper that talks entirely on the security & encryption in MS Office 2010 (here is the link incase other member find it helpful: http://www.microsoft.com/en-us/download/details.aspx?id=21869)
Thanx EE for all your help!
As a Microsoft Excel MVP and a member of Experts Exchange, I do not want nor should assist anyone with breaking the code. But it's very easy to do as you have found out.
Kevin