How safe is Word encryption. Is it really secure?

In Word 2002 and 2003, the default encryption method is "97/2000 compatible", which means that the same insecure encryption method is used.

Fortunately there is a solution. To achieve good encryption, one has to select a strong encryption method. This is done by clicking the "Advanced" button next to the "Password to open" field. A list of available Crypto Service Providers (CSP's) appears.

Choose encryption type with strong encryption capacity in Word

Here select a CSP with at least 128 bits RC4, like the "Microsoft Enhanced Cryptographic Provider v1.0". 128 bits encryption is considered strong encryption. RC4 is widely used, for example by Online Banking Systems and in PDF encryption.

Let's take the scenario of a cracker trying 15 million passwords per second. This is currently the maximum speed being claimed by password cracker vendors. You need a pretty fast computer to achieve this. The following table shows the computed time to crack a password with 15 million tries per second. Notice the incredible increase in time to try all possible combinations when password length and complexity increase.

Note: the crack times mentioned in the table are needed to try all the possible passwords. There is a great chance that the cracker only needs 50% of this time. Also bear in mind that a cracker can always have a lucky shot at his first try and crack the password immediately. The chance is very small, but theoretically it is possible.

You can open the encrypted document with a standard Word version

Original post:
How safe is Word encryption. Is it really secure?

Related Posts
This entry was posted in $1$s. Bookmark the permalink.