The Misuse of RC4 in Microsoft Word and Excel

ASTALAVISTA SECURITY GROUP : The Misuse of RC4 in Microsoft Word and Excel: "27.01.2005 17:31:48"

In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 with key length up to 128 bits is used in Microsoft Excel and Word to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily.