Colliding password protected MS office 97-2003 documents
#9
You have a sharp eye!

If you just want to crack the document you could stop the process after mode #1 and use the RC4 key to decrypt it. That would require special decrypting tools that know how to decrypt the .doc or .xls or whatever with only the RC4 key. I could imagine such tools exist. But that's another reason why I split the one mode 9700 into two modes 9710 and 9720. If you just want to crack the document and you have such a tool, all you need is 9710.

But, as you said as well, there's often the case that you are not interested in the document data itself. In that case you're only interested in the real password that was used. That was actually my intention when I first thought about splitting the kernels, because I wanted to get rid of the RC4 stuff. This is where the mitm idea came in. By removing the RC4 stuff from the kernel, that would speed up the MD5 kernel. Afterwards, when I did that, I realized that it's not the full 128 bit MD5 digest that we need to hit, it's just 40 bits. This is when the idea to collide it came in.
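To make the "only 40 bits" point concrete for readers who don't have the kernels in front of them, here is an added example (editor's code, not atom's and not hashcat's) of the legacy Office 97-2003 RC4 "$0/$1" password check, written from MS-OFFCRYPTO's description of Office Binary Document RC4 Encryption as I understand it: MD5 of the UTF-16LE password is truncated to 5 bytes, and everything after that (the salt mixing, the per-block RC4 key, the verifier check) depends only on those 5 bytes. The salt, verifier and password below are constructed sample values, not taken from any real document. The point for defenders is that `verify_truncated` accepts the 40-bit value alone, so the effective strength of this encryption is 2^40 regardless of how long the password is.

```python
"""Legacy Office (97-2003) RC4 "$0/$1" password check, reduced to its essentials.

Key derivation follows MS-OFFCRYPTO section 2.3.6.2 (Office Binary Document RC4
Encryption) as recalled by the editor; the salt and verifier below are
constructed sample values, not read from a real document.
"""
import hashlib
import struct


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then keystream XORed over data (both directions)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def truncated_password_hash(password: str) -> bytes:
    """Step 1: MD5 of the UTF-16LE password, truncated to 5 bytes (40 bits).
    Every later step depends only on these 5 bytes, not on the password itself."""
    return hashlib.md5(password.encode("utf-16-le")).digest()[:5]


def derive_rc4_key(h0: bytes, salt: bytes, block: int = 0) -> bytes:
    """Steps 2-3: (H0[:5] || salt) repeated 16 times -> MD5 -> first 5 bytes,
    then MD5(that || block number as LE32) gives the 128-bit RC4 key for a block."""
    intermediate = hashlib.md5((h0[:5] + salt) * 16).digest()[:5]
    return hashlib.md5(intermediate + struct.pack("<I", block)).digest()


def verify_truncated(h0: bytes, salt: bytes, enc_verifier: bytes, enc_verifier_hash: bytes) -> bool:
    """The document's own check, given only the 40-bit truncated hash.
    A single RC4 stream (block 0 key) covers verifier and verifierHash back to back."""
    plain = rc4(derive_rc4_key(h0, salt, 0), enc_verifier + enc_verifier_hash)
    verifier, verifier_hash = plain[:16], plain[16:32]
    return hashlib.md5(verifier).digest() == verifier_hash


def verify_password(password: str, salt: bytes, enc_verifier: bytes, enc_verifier_hash: bytes) -> bool:
    """Same check, starting from a password string."""
    return verify_truncated(truncated_password_hash(password), salt, enc_verifier, enc_verifier_hash)


def build_verifier(password: str, salt: bytes, verifier: bytes):
    """Produce EncryptedVerifier / EncryptedVerifierHash the way a writer would,
    so the checks above have something to run against (constructed, not from a file)."""
    key = derive_rc4_key(truncated_password_hash(password), salt, 0)
    enc = rc4(key, verifier + hashlib.md5(verifier).digest())
    return enc[:16], enc[16:]


# Constructed sample header values (NOT from a real document).
SAMPLE_SALT = bytes(range(16))
SAMPLE_VERIFIER = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PASSWORD = "correct horse"
SAMPLE_EV, SAMPLE_EVH = build_verifier(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_VERIFIER)

if __name__ == "__main__":
    print("password accepted :", verify_password(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_EV, SAMPLE_EVH))
    print("wrong password    :", verify_password("wrong", SAMPLE_SALT, SAMPLE_EV, SAMPLE_EVH))
    h0 = truncated_password_hash(SAMPLE_PASSWORD)
    print("40-bit value alone:", verify_truncated(h0, SAMPLE_SALT, SAMPLE_EV, SAMPLE_EVH))
    print("effective key space: 2^%d" % (8 * len(h0)))
```

`verify_truncated` is the split atom describes: the part of the check that needs only the 5-byte value corresponds to what a collider mode works on, and the password string only enters through `truncated_password_hash`. For anyone still storing sensitive material this way, the practical takeaway is the same as the thread's: the password length is irrelevant because the protection collapses to 40 bits, so move such documents to a modern format with a real key derivation.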


RE: Colliding password protected MS office 97-2003 documents - by atom - 09-10-2014, 08:31 AM