Crypto expert: Microsoft flaw is serious

R.A. Hettinga rah at
Thu Jan 27 06:43:20 PST 2005


27 January 2005
Crypto expert: Microsoft flaw is serious
Microsoft should sort flaw and abandon RC4 in favour of better ciphers,
says PGP creator.

By John E. Dunn, Techworld

Cryptography expert Phil Zimmermann has said he believes the flaw
discovered in Microsoft's Word and Excel encryption is serious and warrants
immediate attention.

"I think this is a serious flaw - it is highly exploitable. It is not a
theoretical attack," said Zimmermann, referring to a flaw in Microsoft's
use of RC4 document encryption unearthed recently by a researcher in

"The lay user ought to be entitled to assume that the encryption produced
by Microsoft is adequate. [...] If Microsoft wants to earn the respect of the
cryptographic community and the public it must rise to the occasion by
producing competent security."

Microsoft has been dismissive of the seriousness of the flaw, which relates
to the way it has implemented the RC4 stream cipher. As explained by
Hongjun Wu of the Institute for Infocomm Research, it would allow anyone
who obtains two or more versions of the same document encrypted under the
same password to break the encryption protecting them.
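The property Wu describes is the stream-cipher "two-time pad": if two revisions of a document are encrypted with the same RC4 keystream, XORing the ciphertexts cancels the keystream and leaves only the XOR of the plaintexts. The following added example (not code from the article, from Wu, or from Microsoft; the password-only key derivation is an assumed simplified model of the reported flaw, not Office's actual file format) shows that cancellation, and the repair Zimmermann alludes to: a fresh per-save salt so the keystream is never reused, plus dropping RC4's weak initial keystream bytes.

```python
import hashlib
import os

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Textbook RC4 (KSA + PRGA). 'drop' discards the first keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out[drop:])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_weak(password: str, doc: bytes) -> bytes:
    # Assumed weak model of the reported flaw: the key, and so the keystream,
    # depends only on the password, so every save reuses the same keystream.
    key = hashlib.sha1(password.encode()).digest()
    return xor(doc, rc4_keystream(key, len(doc)))

def encrypt_fresh(password: str, doc: bytes, salt=None):
    # Hardened: a fresh random salt per save gives a unique keystream, and the
    # first 3072 keystream bytes are dropped (RC4's statistically weak prefix).
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.sha256(salt + password.encode()).digest()
    return salt, xor(doc, rc4_keystream(key, len(doc), drop=3072))

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    # Under one shared keystream K: (P1^K)^(P2^K) == P1^P2, the key cancels.
    # This is the condition a reviewer checks for when auditing such a format.
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample: two revisions of one document saved under one password.
V1 = b"Q3 forecast: revenue 12.4M, headcount flat, launch in May."
V2 = b"Q3 forecast: revenue 11.9M, headcount -5%,  launch in June."

def demo() -> tuple:
    weak = keystream_reused(encrypt_weak("pw", V1), encrypt_weak("pw", V2), V1, V2)
    s1, f1 = encrypt_fresh("pw", V1)
    s2, f2 = encrypt_fresh("pw", V2)
    return weak, keystream_reused(f1, f2, V1, V2)   # returns (True, False)
```

The first value of `demo()` is True because the weak scheme leaks `V1 ^ V2` to anyone holding both saves; the hardened scheme returns False because the two keystreams are independent.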

"Stream ciphers have to be used most carefully. Any failure to do this will
result in a disastrous loss of security," Zimmermann said. "Even with a
properly chosen initialisation vector, you have to run it for a while
before the quality of the stream cipher is good enough to use." Contrary to
Microsoft's claims that the issue was a "very low threat", he countered
that gaining access to a document would not present problems for a
determined hacker. "There are tools one can use to cryptanalyse messages in
this way."

Even if the flaw were fixed, in his view a more fundamental problem was
Microsoft's use of RC4, licensed from RSA Security.

"Why does Microsoft continue to use RC4 in this day and age? It has other
security flaws that have been published in other papers," he asked, adding
that "RC4 is a proprietary cipher and has not stood up well to peer review.
They should just stop using RC4. It would be better to switch to a block
cipher."

When contacted, Microsoft was unable to commit to a timescale for
correcting the flaw but issued the following statement by way of a
spokesperson: "Microsoft is still investigating this report of a possible
vulnerability in Microsoft Office. When that investigation is complete, we
will take the appropriate actions to protect customers. This may include
providing a security update through our monthly release process."

Zimmermann, meanwhile, emphasised the need for responsible disclosure of
such problems. "The best way is to quietly disclose the problem to the
vendor and then allow the vendor 30 days to fix the problem. Then go
public," he said.

Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP),
a desktop encryption program that was powerful enough that the US
authorities attempted to have its distribution stopped and Zimmermann
imprisoned for writing it. The case was abandoned in 1996. PGP was bought out
by Network Associates, though an independent company, PGP Corporation, has
since been spun out to develop its core technology.

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
