Excel Encryption
- From: Charles Wyble <jackshck yahoo com>
- To: gnumeric-list gnome org
- Subject: Excel Encryption
- Date: Wed, 26 Sep 2001 11:08:10 -0700 (PDT)
Hello Everyone.
Below is some information I have gathered on Excel
encryption. Please let me know if it helps, and
what is still needed.
Workbook Encryption
Excel 97 and later
The 1Table structure contains three 16 byte
numbers. The first is a
random salt. The second is an MD5 hashed nonce
encrypted using RC4
with a key (K). This encrypted hash is stored as a
second 16 byte
number in 1Table. The nonce is encrypted using key
(K) and MD5 hashed
then stored as a third 16 byte number in 1Table.
The key (K) is calculated in the following way:
The password (expressed in Unicode) is MD5 hashed.
The first five
bytes of the password hash are put into an array
with the 1st 16 byte
number (the salt) stored in the 1Table structure.
The salt is
repeatedly concatenated with the password and then
padded according to
the MD5 algorithm. The MD5 hash is taken. The first
five bytes of this
hash are saved and then padded and MD5 hashed
again. The first five
bytes of this hash along with a counter byte become
the RC4 key for
encrypting/decrypting the document. The counter
periodically re-keys
the RC4 engine by incrementing the counter byte
modulo 8.
This key is first MD5 hashed before RC4 key
scheduling. This hash is
the key (K).
There is a better way to recover the document. This
is to recover the
five
byte value which is the document key, add the
counter byte and decrypt
the document.
Excel 8 encrypts (scramble) the documents by taking
a password,
converting it to Unicode (a type of character using
two bytes to
encode each printable character) and hashing it
with a modified MD5
Hash to produce an encryption key for an RC4
encryption engine. The
MD5 hash uses non-standard padding and the RC4
encryptor uses a 128
bit key but there is only about 40 bits of entropy
in this key (that
means that the difficulty of determining this key
by exhaustive search
is only as hard as determining a 40 bit key).
There is also an additional 8 bit value appended to
the key but this
value is also easy to determine.
The MD5 hash is a standard "mixing algorithm". You
put a field of text
into the hasher and a 128 bit unique signature of
the input text comes
out. Theory suggests that no two reasonably sized
input texts would
ever hash to the same 128 bit value.
In Excel version 8, the password hash is combined
with 128 bits of
randomized data (sort of a salty hash). This data
is again hashed with
a modified MD5 hash several times (as if once was
not enough) to
produce a 128 bit key for the RC4 encryption
engine. When version 8
saves an encrypted file, it also encrypts and saves
a 128 bit nonce
and the hash of the nonce. This procedure allows
password verification
before decrypting a document.
When an Excel *sheet* is being protected with a
password, a 16-bit
(two byte) long hash is generated. To verify a
password, it is
compared to the hash. Obviously, if the input data
volume is great,
numerous passwords will match the same hash. This
can be easily
reproduced:
Protect a sheet (Tools-Protection-Protect Sheet)
with the password "test" (no quotes)
Unprotect it with the password "zzyw" (again no
quotes)
Book protection is somewhat more sophisticated. The
hash generation
algorithm is the same as with sheet protection,
however, the whole
document is being encrypted. This protection seem
to be relatively
stable at first sight, but a more detailed analysis
revealed that it
is not the password that is entered (or its hash)
which is used to
encrypt the document, but rather a fixed key stored
in the MS Excel
program code.
This key is generated from the password
"VelvetSweatshop". What a nice
joke by Microsoft! Try to protect a MS Excel
workbook with this
password. The most surprising thing is that no
password is required to
open the document.
Worksheet Encryption
Here is the algorithm to create the hash value:
- take the ASCII values of all characters
- shift left the first character 1 bit, the
second 2 bits and so on
(use only the lower 15 bits and rotate
all higher bits, the highest bit of the
16-bit value is always 0 [signed short])
- XOR all these values
- XOR the count of characters
- XOR the constant 0xCE4B
Example: The password is abcdefghij (10 characters)
a -> 0x61 << 1 == 0x00C2
b -> 0x62 << 2 == 0x0188
c -> 0x63 << 3 == 0x0318
d -> 0x64 << 4 == 0x0640
e -> 0x65 << 5 == 0x0CA0
f -> 0x66 << 6 == 0x1980
g -> 0x67 << 7 == 0x3380
h -> 0x68 << 8 == 0x6800
i -> 0x69 << 9 == 0x5201 (unrotated:
0xD200)
j -> 0x6A << 10 == 0x2803 (unrotated:
0x1A800)
count: 0x000A
constant: 0xCE4B
-------------------------
result: 0xFEF1
This value occurs in the PASSWORD record.
=====
Charles Wyble
God Bless
jackshck yahoo com
__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
