Solved

What is the encryption used in MS Office 2010 Outlook, Word Excel and are they possible to be breached

Posted on 2015-02-03
13
370 Views
Last Modified: 2016-02-11
We use password for Outlook PST data files, Excel and Word documents.  We would like to know what is the encryption used of each and since we have seen lots of software that offers to break these password on the Internet, we would like to also know EE view on how true that these apps can break them.
0
Comment
Question by:rayluvs
  • 4
  • 4
  • 3
  • +1
13 Comments
 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40587929
The encryption is not very good and is easily breached with a simple Google search.

As a Microsoft Excel MVP and a member of Experts Exchange, I do not want nor should assist anyone with breaking the code. But it's very easy to do as you have found out.

Kevin
0
 

Author Comment

by:rayluvs
ID: 40587955
We don't want to break the code just want to know encryption used; you have this info?
0
 
LVL 3

Accepted Solution

by:
Phil Coulson earned 250 total points
ID: 40587968
Hey there,

As per your query the Microsoft office 2010  that uses a 128 bit key AES protection.
AES – Advance Encryption Standard

As far as breaching is concerned even if utilizing all known password breakers (that speeds up the attacks 4 times more) it would take a typical computer a million year or more to break a 128-bit AES key.

Regards
Phil
0
 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40587977
Phil,

The problem is not the process of decrypting, it's the process of hacking the password. The password is easily hacked which thus renders the encrypted data vulnerable.

Kevin
0
 
LVL 3

Expert Comment

by:Phil Coulson
ID: 40588003
Hey Kevin,

I guess you got my answer wrong even as the author also said here we are talking about Microsoft password encryption standards and its probability of being hacked, As the question demands.

regards
Phil
0
 
LVL 81

Expert Comment

by:zorvek (Kevin Jones)
ID: 40588011
The author asked about breaking the encryption. This means converting the document from an encrypted state to an unencrypted state. It doesn't matter how many bits of encryption you use if the password can be hacked allowing the document to be decrypted and viewed. It really is that simple. And Excel's password scheme is relative simple to crack.

Kevin
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 11

Expert Comment

by:jkpieterse
ID: 40588496
How easy an Excel password is hacked depends enormously on which password we are talking about here:

- Workbook Open password (not simple to crack, except by trying many passwords)
- Worksheet protection password (very simple to crack)
- Workbook structure protection password (very simple to crack)
- VBA password (very simple to crack)
0
 

Author Comment

by:rayluvs
ID: 40590075
Just to be clear, and like an EE oriented us in one of our previous questions, "it's the password chosen, that is the weakest link".  So no matter how strong or secure or unbreakable is an encryption, if the password is weak, say "12345", then it can be hacked easily.  FYI: we use long password or pass-phrase with mix characters.

That being said, we are not interested in hacking passwords.  Our main concern are two (2):

1. When placing a password on the 3 MS Office apps below, what are the type of encryption per each:

   
Outlook PST
   
Word
   
Excel

In ID: 40587968, was answered "Microsoft office 2010  that uses a 128 bit key AES protection. AES – Advance Encryption Standard".  

Can we conclude that the password entered in Output PST, Word Excel, all three are AES-128 bit or does each has their own encryption algorithm?

2. We have seen lots of software out there that offers to break these password on the Internet. In your opinion and based on the encryption type you guys mention, [b][i]how true is it that these apps can break have those password?[/i][/b]

0
 
LVL 81

Assisted Solution

by:zorvek (Kevin Jones)
zorvek (Kevin Jones) earned 100 total points
ID: 40590147
If you are concerned about security and the ability to keep your content from being viewed by unauthorized people, I strongly suggest that you hire a network security consultant to ensure that your network is secure from hackers.

Depending on Microsoft Office's version of encryption to protect the three types of files you mention is probably not going to prevent someone determined to hack into your documents.

With regard to Excel (I can't speak for Outlook and Word files,) if you are using document-level security, the password is difficult but not impossible to crack. And it's the password that is hacked, not the encrypted content. Once the password is hacked then the document can be decrypted.

My experience with document-level password crack programs is that they work relatively well most of the time.

Put your money into your network security. Password protecting every sensitive document really just makes it more painful for your employees. It will not stop a determined hacker.

Kevin
0
 
LVL 11

Expert Comment

by:jkpieterse
ID: 40590397
I agree with Kevin on this.
And if you're sending out Excel files (through email or otherwise), if there is any information in the file others really must not see, always make sure you remove that information prior to sending.
0
 

Author Comment

by:rayluvs
ID: 40591415
Ok, based on your comments, the second part of our question is answered: How true the Internet-crack-apps are to break the security of the Ms Office apps - Very True (obviously, the stronger the password, the less probable to be jacked).

But we still are trying to identify what encryption if any is being used in the Ms Office app described above.

If the encryption is weak, then no matter the password length, the security will be breached.  For example, to our understanding and what we have been googling, we found a link stating the easiest and weakest encryption (http://science.opposingviews.com/weakest-encryption-algorithm-3318.html): The 'Substitution Cipher Algorithm' method.

According to the link, this method replaces letters with different letters, or other symbols such as hieroglyphs. So if a password is made up of "Mary had a little lamb" becomes "Tzqa izd z nossld nztb." To break the cipher, you need only analyze how often the symbols occur and make educated guesses. In standard English, the letters "E," "T," "A," "O," "I" and "N" occur with the greatest frequency, so the symbols which occur most often in a substitution cipher will most likely be "Es" or "Ts." You find the remaining letters according to their decreasing frequency of use. With a little practice, most fifth-graders can master substitution ciphers.

We don't know what encryption Outlook PST, Word and Excel uses and since my previous entry "...all three are AES-128 bit or does each has their own encryption algorithm?" was not address, we would like EE assistance in identifying the encryption used if any bluntness apps.
0
 
LVL 11

Assisted Solution

by:jkpieterse
jkpieterse earned 150 total points
ID: 40591462
0
 

Author Comment

by:rayluvs
ID: 40592440
Yes that help lots! Thanx!

It has answer a lot of questions beside whet we entered here in EE.  But also created more questions for us that obviously we will be looking into prior asking EE for help. In addition, helped us funnel our search in google and could locate a white-paper that talks entirely on the security & encryption in MS Office 2010 (here is the link incase other member find it helpful: http://www.microsoft.com/en-us/download/details.aspx?id=21869)

Thanx EE for all your help!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Outlook Free & Paid Tools
If you don't know how to downgrade, my instructions below should be helpful.
This Micro Tutorial will demonstrate how to create pivot charts out of a data set. I also added a drop-down menu which allows to choose from different categories in the data set and the chart will automatically update.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now