| RC4流密码与微软Office文档安全分析 |
| |
| 引用本文: | 何克晶. RC4流密码与微软Office文档安全分析[J]. 计算机工程, 2009, 35(23): 130-132 |
| |
| 作者姓名: | 何克晶 |
| |
| 作者单位: | 华南理工大学计算机科学与工程学院,广州,510641 |
| |
| 摘 要: | 根据微软官方文档、OpenOffice文档及wvWare实现等完全公开的信息,对RC4流密码及其在微软Office系列中的实现进行分析,认为Office97-2003所默认使用的40bit加密方式较不安全,通过结合Rainbow预计算攻击方法,证实其脆弱性。通过研究,建议不使用默认的“Office97/2000兼容”40bit加密,而采用更安全的“Microsoft Enhanced Cryptographic Provider”128bit加密,或者使用压缩软件进行二次加密,从而进一步提高安全性。
|
| 关 键 词: | RC4流密码 预计算攻击 微软Office 文档安全 |
| 修稿时间: | |
Analysis of RC4 Stream Cipher and Microsoft Office Document Security |
| |
| HE Ke-jing. Analysis of RC4 Stream Cipher and Microsoft Office Document Security[J]. Computer Engineering, 2009, 35(23): 130-132 |
| |
| Authors: | HE Ke-jing |
| |
| Affiliation: | (School of Computer Science and Engineering, South China University of Technology, Guangzhou 510641) |
| |
| Abstract: | According to the open information from the Microsoft official documents, the OpenOffice documents and the wvWare project, this paper studies the RC4 stream cipher and its implementation in the Office 97~2003. The analysis discovers that the default 40 bit encryption method used by Office 97-2003 is very weak and insecure. Coupling rainbow precomputation attack, the encryption can be broken in 1 min~2 min. This paper suggests users do not rely on the default 40 bit "Office 97/2000 Compatible" encryption to protect your confidential information. On the contrary, the 128 bit "Microsoft Enhanced Cryptographic Provider" is preferred. It also recommends that users adopt the stronger encryption algorithm provided by compression softwares better when better security is necessary. |
| |
| Keywords: | RC4 stream cipher precomputation attack Microsoft Office document security |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
