"Nick Steinmetz" <[email protected]> wrote in message
news:[email protected]
> Are there plans in place to support a strong form of encryption for
> document files, such as RC4? Currently the only type supported is the
> MS Office 97 format which has known vulnerabilities.

May I ask specifically what "vulnerabilities" you are referring to? I
am genuinely interested and would like to follow up on them for my own
edification. I've found myself with misplaced loyalties before, so ...
<g>.

I don't know the answer to your question and am not in a position to
know the answer but there are some vagaries in your query that bear
either confirmation or clarification.

-- I wasn't aware that Office97 provided any protection method that
wasn't also a part of the Windows operating system. Windows has come a
long, long ways since the days of Office 97 and whatever version of
Windows it happened to run on starting with Windows 3.1 IIRC all the way
up to at least XP and possibly Vista with compatibility modes.

RC4, or ARC4 is definitely NOT a fully validated, strong security method
of encryption. In some cases, it is not much more secure than say ROT13
is. RC4 is used for things like Secure Socket Layer, the SSL used on
web sites and so on.

It's also non-random, so for instance, although this is a slight
exaggeration, discovering which codes might be vowels is relatively
easy. Once you've found and verified a letter or two, the
non-randomness means the rest of the patterns become quickly clear.
Obviously it's not quite that simple, but in comparison to XP's
capability or Blowfish, it's almost a trivial encryption method.

-- XP's encryption algos are actually pretty tight, though AFAIK still
at 128 bits, not 256 as some are. I have heard 256 might show up in
win7 and I don't know if it did in Vista or not.

That said however, EFS (XP encryption) is extremely secure and
reliable. Without possession of the cert keys in fact, simply
reformatting a hard drive will make the data unavailable to anyone until
the original keys it was encrypted under are provided to it. Your
account password is a lot more likely to be compromised than the
encrypted data in fact and becomes the weak link in on-machine theft
because the data is unencrypted as it's moved almost anywhere.

In their infinite wisdom, MS botched providing sufficient collateral
information in the right places for EFS key/cert protection, and thus
some people believe it loses data on them, but it does not. Its
reliability is stellar, and especially more so when coupled with a
properly entrenched and competent backup strategy. But if you didn't
export and keep those keys, it's highly unlikely the data will ever be
restored again. Period. All in all, it's very good protection as long
as it's also covered with a very strong password.

Open Office, IIRC, uses Blowfish algorithms, does it not? 128 bit, I
think. Those aren't too shabby at all, actually. Between OOo's algos
and adding XP's algos to that, would remove easy access to the raw data
in XP, but it should create a pretty darned strong protection. There
are also some decent 3rd party apps for encryption, but they all have
their cons, especially in that you can simply copy an encrypted file to
another drive or machine anywhere and unencrypt it with just a password.

Anyway ... your post caught my eye and I'm interested in why you think
the way you do. I'm quite interested in hearing back from you as others
may be also.

HTH,
Twayne