?
Solved

What is the encryption used in MS Office 2010 Outlook, Word Excel and are they possible to be breached

Posted on 2015-02-03
13
Medium Priority
?
420 Views
Last Modified: 2016-02-11
We use password for Outlook PST data files, Excel and Word documents.  We would like to know what is the encryption used of each and since we have seen lots of software that offers to break these password on the Internet, we would like to also know EE view on how true that these apps can break them.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
13 Comments
 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40587929
The encryption is not very good and is easily breached with a simple Google search.

As a Microsoft Excel MVP and a member of Experts Exchange, I do not want nor should assist anyone with breaking the code. But it's very easy to do as you have found out.

Kevin
0
 

Author Comment

by:rayluvs
ID: 40587955
We don't want to break the code just want to know encryption used; you have this info?
0
 
LVL 3

Accepted Solution

by:
Phil Coulson earned 1000 total points
ID: 40587968
Hey there,

As per your query the Microsoft office 2010  that uses a 128 bit key AES protection.
AES – Advance Encryption Standard

As far as breaching is concerned even if utilizing all known password breakers (that speeds up the attacks 4 times more) it would take a typical computer a million year or more to break a 128-bit AES key.

Regards
Phil
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40587977
Phil,

The problem is not the process of decrypting, it's the process of hacking the password. The password is easily hacked which thus renders the encrypted data vulnerable.

Kevin
0
 
LVL 3

Expert Comment

by:Phil Coulson
ID: 40588003
Hey Kevin,

I guess you got my answer wrong even as the author also said here we are talking about Microsoft password encryption standards and its probability of being hacked, As the question demands.

regards
Phil
0
 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40588011
The author asked about breaking the encryption. This means converting the document from an encrypted state to an unencrypted state. It doesn't matter how many bits of encryption you use if the password can be hacked allowing the document to be decrypted and viewed. It really is that simple. And Excel's password scheme is relative simple to crack.

Kevin
0
 
LVL 11

Expert Comment

by:jkpieterse
ID: 40588496
How easy an Excel password is hacked depends enormously on which password we are talking about here:

- Workbook Open password (not simple to crack, except by trying many passwords)
- Worksheet protection password (very simple to crack)
- Workbook structure protection password (very simple to crack)
- VBA password (very simple to crack)
0
 

Author Comment

by:rayluvs
ID: 40590075
Just to be clear, and like an EE oriented us in one of our previous questions, "it's the password chosen, that is the weakest link".  So no matter how strong or secure or unbreakable is an encryption, if the password is weak, say "12345", then it can be hacked easily.  FYI: we use long password or pass-phrase with mix characters.

That being said, we are not interested in hacking passwords.  Our main concern are two (2):

1. When placing a password on the 3 MS Office apps below, what are the type of encryption per each:

   
Outlook PST
   
Word
   
Excel

In ID: 40587968, was answered "Microsoft office 2010  that uses a 128 bit key AES protection. AES – Advance Encryption Standard".  

Can we conclude that the password entered in Output PST, Word Excel, all three are AES-128 bit or does each has their own encryption algorithm?

2. We have seen lots of software out there that offers to break these password on the Internet. In your opinion and based on the encryption type you guys mention, [b][i]how true is it that these apps can break have those password?[/i][/b]

0
 
LVL 81

Assisted Solution

by:zorvek (Kevin Jones)
zorvek (Kevin Jones) earned 400 total points
ID: 40590147
If you are concerned about security and the ability to keep your content from being viewed by unauthorized people, I strongly suggest that you hire a network security consultant to ensure that your network is secure from hackers.

Depending on Microsoft Office's version of encryption to protect the three types of files you mention is probably not going to prevent someone determined to hack into your documents.

With regard to Excel (I can't speak for Outlook and Word files,) if you are using document-level security, the password is difficult but not impossible to crack. And it's the password that is hacked, not the encrypted content. Once the password is hacked then the document can be decrypted.

My experience with document-level password crack programs is that they work relatively well most of the time.

Put your money into your network security. Password protecting every sensitive document really just makes it more painful for your employees. It will not stop a determined hacker.

Kevin
0
 
LVL 11

Expert Comment

by:jkpieterse
ID: 40590397
I agree with Kevin on this.
And if you're sending out Excel files (through email or otherwise), if there is any information in the file others really must not see, always make sure you remove that information prior to sending.
0
 

Author Comment

by:rayluvs
ID: 40591415
Ok, based on your comments, the second part of our question is answered: How true the Internet-crack-apps are to break the security of the Ms Office apps - Very True (obviously, the stronger the password, the less probable to be jacked).

But we still are trying to identify what encryption if any is being used in the Ms Office app described above.

If the encryption is weak, then no matter the password length, the security will be breached.  For example, to our understanding and what we have been googling, we found a link stating the easiest and weakest encryption (http://science.opposingviews.com/weakest-encryption-algorithm-3318.html): The 'Substitution Cipher Algorithm' method.

According to the link, this method replaces letters with different letters, or other symbols such as hieroglyphs. So if a password is made up of "Mary had a little lamb" becomes "Tzqa izd z nossld nztb." To break the cipher, you need only analyze how often the symbols occur and make educated guesses. In standard English, the letters "E," "T," "A," "O," "I" and "N" occur with the greatest frequency, so the symbols which occur most often in a substitution cipher will most likely be "Es" or "Ts." You find the remaining letters according to their decreasing frequency of use. With a little practice, most fifth-graders can master substitution ciphers.

We don't know what encryption Outlook PST, Word and Excel uses and since my previous entry "...all three are AES-128 bit or does each has their own encryption algorithm?" was not address, we would like EE assistance in identifying the encryption used if any bluntness apps.
0
 
LVL 11

Assisted Solution

by:jkpieterse
jkpieterse earned 600 total points
ID: 40591462
0
 

Author Comment

by:rayluvs
ID: 40592440
Yes that help lots! Thanx!

It has answer a lot of questions beside whet we entered here in EE.  But also created more questions for us that obviously we will be looking into prior asking EE for help. In addition, helped us funnel our search in google and could locate a white-paper that talks entirely on the security & encryption in MS Office 2010 (here is the link incase other member find it helpful: http://www.microsoft.com/en-us/download/details.aspx?id=21869)

Thanx EE for all your help!
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how you can use Custom Document Properties to store settings and other information in your workbook so that they will be available the next time you open the workbook.
If you need to forecast numbers -- typically for finance -- the Windows and Mac versions of Excel 2016 have a basket of tools to get the job done.
This Micro Tutorial demonstrates in Microsoft Excel how to consolidate your marketing data by creating an interactive charts using form controls. This creates cool drop-downs for viewers of your chart to choose from.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question