How secure is the encryption used by Microsoft Office 2007?

I've read various articles about Microsoft's Office 2007 encryption, and from what I gather 2007 is secure using all default options due to it using AES, and 2000 and 2003 can be configured securely by changing the default algorithm to AES. I was wondering if anyone else has read any other articles or knows of any specific vulnerabilities involved with how they implement the encryption. I would like to be able to tell users that they can use this to send semi-sensitive documents as long as they use AES and a strong password. Thanks for the information.


Yes, Office encryption is pretty secure. I put together a presentation on Office 2007 security a while back. Here are the relevant bits from a whitepaper I referenced.

  • Previous versions of Microsoft Office used an RC4 stream cipher with a key length of up to 128 bits.
  • A weakness in the implementation of the RC4 encryption algorithm made it possible for hackers to compare two versions of a password-protected file to discover the contents and allow unauthorized users to read its contents.
  • The Microsoft 2007 Office system uses Advanced Encryption Standard (AES) encryption, which is the strongest industry-standard algorithm available and was selected by the National Security Agency (NSA) to be used as the standard for the U.S. Government. AES has a default 128-bit key (which can be increased to 256-bit via the Windows Registry or group policy) and uses SHA-1 hashing.
  • The Microsoft 2007 Office system improves the algorithm for converting passwords into keys: 50,000 sequential SHA-1 iterations are performed.
  • AES encryption is supported for Open XML formats used in previous versions of Microsoft Office when those documents are created in a Microsoft 2007 Office system application. However, documents saved in the older Office binary formats can only be encrypted using RC4 to maintain compatibility with older versions of Microsoft Office.
  • AES support is a function of the operating system's cryptographic service providers. AES encryption is supported on Windows Server 2003 and above, and Windows XP SP2 and above.

See also Dave Leblanc's blog.


Office 2007 encryption is good, but only when these two things apply:

  • The file is in a 2007 Native format (docx for Word, xlsx for Excel, etc)
  • You pick a good password. For most people this is 8+ characters, using at least one each of lowercase, capitals, and numbers. For more security, longer and with symbols.

If the file you open is in Compatibility Mode you can't guarantee the security of the file (it could be in Office 97 compatibility mode, where the encryption can be broken in <10 seconds).

Office 2003 encryption can be good. In Office 2003 the encryption is set by default to be compatible with Office 97 (the <10 second problem). It can be set to use RC4, which is somewhat secure; it uses 40- to 128-bit keys. RC4 has come under scrutiny of late, though, because of the way it works, and many theorize a brute-force attack would take significantly less time than 2^n.
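To make the "50,000 SHA-1 iterations" point from the first answer and the password-strength advice from the second concrete, here is an added example (not code from either answerer or from Microsoft) that reimplements the Office 2007 password-to-key derivation as documented in MS-OFFCRYPTO section 2.3.4.7 (ECMA-376 "standard" encryption) using only the Python standard library, then measures how many password guesses per second that derivation allows on one CPU core and what that means for the 8-character upper/lower/digit policy. The 16-byte salt, the passwords and the candidate list are constructed for illustration; a real file stores its own salt in the EncryptionVerifier structure.

```python
"""Office 2007 (ECMA-376 standard encryption) password-to-key derivation.

Reimplemented from MS-OFFCRYPTO 2.3.4.7 with the standard library only.
Added example; salt, passwords and candidate list below are constructed.
"""
import hashlib
import struct
import time

SPIN_COUNT = 50000      # iteration count Office 2007 uses (stored in the file header)
HASH = hashlib.sha1     # Office 2007 standard encryption hashes with SHA-1


def password_hash(password: str, salt: bytes, spin_count: int = SPIN_COUNT) -> bytes:
    """H0 = SHA1(salt || UTF-16LE(password));
    Hn = SHA1(LE32(n) || H(n-1)) for n = 0 .. spin_count-1;
    Hfinal = SHA1(Hn || LE32(0))  (block number 0 selects the encryption key)."""
    h = HASH(salt + password.encode("utf-16-le")).digest()
    for n in range(spin_count):
        h = HASH(struct.pack("<I", n) + h).digest()
    return HASH(h + struct.pack("<I", 0)).digest()


def derive_key(hfinal: bytes, key_bits: int) -> bytes:
    """Expand Hfinal into an AES key of key_bits bits:
    X1 = SHA1(0x36*64 XOR Hfinal), X2 = SHA1(0x5C*64 XOR Hfinal),
    key = first key_bits/8 bytes of X1 || X2.
    Only the first len(hfinal) bytes of each 64-byte pad are XORed."""
    def x(pad_byte: int) -> bytes:
        buf = bytearray([pad_byte] * 64)
        for i, b in enumerate(hfinal):
            buf[i] ^= b
        return HASH(bytes(buf)).digest()
    return (x(0x36) + x(0x5C))[: key_bits // 8]


def office2007_key(password: str, salt: bytes, key_bits: int = 128,
                   spin_count: int = SPIN_COUNT) -> bytes:
    """Full derivation: AES-128 by default, AES-256 if the policy raised it."""
    if key_bits not in (128, 192, 256):
        raise ValueError("AES key size must be 128, 192 or 256 bits")
    return derive_key(password_hash(password, salt, spin_count), key_bits)


def guesses_per_second(salt: bytes, candidates, key_bits: int = 128) -> float:
    """How many complete derivations this interpreter manages per second,
    single core. Each guess costs spin_count + 4 SHA-1 calls."""
    start = time.perf_counter()
    for pw in candidates:
        office2007_key(pw, salt, key_bits)
    elapsed = time.perf_counter() - start
    return len(candidates) / elapsed


def exhaustive_search_years(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every password of the given length at `rate` guesses/s."""
    return (alphabet_size ** length) / rate / (365 * 24 * 3600)


# Constructed 16-byte salt; a real document carries its own in EncryptionVerifier.
SALT = bytes(range(16))

if __name__ == "__main__":
    key = office2007_key("Correct Horse", SALT)
    print("AES-128 key:", key.hex())
    rate = guesses_per_second(SALT, ["guess%d" % i for i in range(5)])
    print("derivations per second on this core: %.1f" % rate)
    # Second answer's minimum policy: 8 chars from [A-Za-z0-9], i.e. 62**8 candidates
    print("exhaustive 8-char [A-Za-z0-9] search: %.0f years"
          % exhaustive_search_years(62, 8, rate))
```

The measured rate is for one core of a Python interpreter, so treat it as a lower bound on what an attacker with a compiled cracker and many cores or GPUs achieves; the spin count multiplies the cost of every guess by about 50,000 compared with a single hash, which is what makes the 8-character policy defensible for "semi-sensitive" documents but not for determined adversaries. Confirming a guess against a real file takes one more step not shown here: the derived key decrypts the EncryptionVerifier's verifier and verifier hash with AES, and SHA-1 of the decrypted verifier must match the decrypted hash; the standard library has no AES, so that check is left out.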