Crypto expert: Microsoft flaw is serious
Microsoft should sort flaw and abandon RC4 in favour of better ciphers, says PGP creator.
By John Dunn | Techworld | Published: 12:17, 27 January 2005
Cryptography expert Phil Zimmermann has said he believes the flaw discovered in Microsoft’s Word and Excel encryption is serious and warrants immediate attention.
"I think this is a serious flaw - it is highly exploitable. It is not a theoretical attack," said Zimmermann, referring to a flaw in Microsoft’s use of RC4 document encryption unearthed recently by a researcher in Singapore.
"The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. […] If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security."
Microsoft has been dismissive of the seriousness of the flaw, which relates to the way it has implemented the RC4 encryption stream cipher. As explained by Hungjun Wu of the Institute of Infocomm Research, it would allow anyone able to gain access to two or more versions of the same password and encrypted document to reverse engineer the scheme used to make it secure.
"Stream ciphers have to be used most carefully. Any failure to do this will result in a disastrous loss of security," Zimmermann said. "Even with a properly chosen initialisation vector, you have to run RC4 for a while before the quality of the stream cipher is good enough to use." Contrary to Microsoft’s claims that the issue was a "very low threat", he countered that gaining access to a document would not present problems for a determined hacker. “There are tools one can use to cryptanalyse messages in this way."
Even if the flaw was fixed, in his view a more fundamental problem was Microsoft’s use of RC4, licensed from RSA Security.
"Why does Microsoft continue to use RC4 in this day and age? It has other security flaws that have been published in other papers," adding that "RC4 is a proprietary cipher and has not stood up well to peer review. They should just stop using RC4. It would be better to switch to a block cipher."
When contacted Microsoft, was unable to commit to a timescale for correcting the flaw but issued the following statement by way of a spokesperson: “Microsoft is still investigating this report of a possible vulnerability in Microsoft Office. When that investigation is complete, we will take the appropriate actions to protect customers. This may include providing a security update through our monthly release process.”
Zimmermann, meanwhile, emphasised the need for responsible disclosure of such problems. "The best way is to quietly disclose the problem to the vendor and then allow the vendor 30 days to fix the problem. Then go public," he said.
Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP), a desktop encryption program that was powerful enough that the US authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. The case was abandoned 1996. PGP was bought out by Network Associates, though an independent company, PGP Corporation, has since been spun out to develop its core technology.
Read our interview with Phil Zimmermann, A world scrambled