In Word 2002 and 2003, the default encryption method is "97/2000 compatible", which means that the same insecure encryption method is used.

Fortunately there is a solution. To achieve good encryption, one has to select a strong encryption method. This is done by clicking the "Advanced" button next to the "Password to open" field. A list of available Crypto Service Providers (CSP's) appears.

Choose encryption type with strong encryption capacity in Word

Here select a CSP with at least 128 bits RC4, like the "Microsoft Enhanced Cryptographic Provider v1.0". 128 bits encryption is considered strong encryption. RC4 is widely used, for example by Online Banking Systems and in PDF encryption.

Let's take the scenario of a cracker trying 15 million passwords per second. This is currently the maximum speed being claimed by password cracker vendors. You need a pretty fast computer to achieve this. The following table shows the computed time to crack a password with 15 million tries per second. Notice the incredible increase in time to try all possible combinations when password length and complexity increase.

Note: the crack times mentioned in the table are needed to try all the possible passwords. There is a great chance that the cracker only needs 50% of this time. Also bear in mind that a cracker can always have a lucky shot at his first try and crack the password immediately. The chance is very small, but theoretically it is possible.

You can open the encrypted document with a standard Word version

Original post:
How safe is Word encryption. Is it really secure?

darrenchaker Post 6

Given the amount of personal data which is now scanned and available on a computer, I hope laws are enacted to require companies to secure such data via encryption in the event the computer is stolen.

@IceCarver: There is no one more interested in cracking encryption methods than the government. It is not easy to brute-force a good encryption system, even for them with the resources they can muster.

Hackers are using whatever tools and techniques they can develop to get into unencrypted data. They'll try to find or guess the keys required to unlock the data, but they cannot break the encryption itself.

@JoseJames has made some great observations about the consumer market for data encryption but all of these comments neglect to mention the fact that the highest form of data encryption in the world is that used in the military industrial complex.

Tasks including the most secretive intelligence missions to simple messages from family members to service personnel are encrypted when they travel over the military computer networks.

@IceCarver, I can understand your skeptisicsm on the topic of internet data encryption but I think there is some reality that you must bring to your viewpoint.

You are correct in that our dependence on data security is taking a sharp turn upward but this isn't a bad thing as the availability to increase digital information will directly correlate to the spread of knowledge and information.

What you fail to realize is that while there are many maliciously-intended cracking groups attempting to break the latest scheme of data encryption, there is also a bigger and much more significant movement working the legal side of data encryption.

Security firms with the sole business purpose of providing data security

Sure, there are lots of bad people out there but I can assure you that there are a lot more and much higher paid amount of people that make up the good side of data encryption.

@CoffeeJim, I appreciate that you feel so secure with data encryption in this very dangerous digital age but I have some very stark news to add to your reality.

Data encryption in the modern day is very far from safe. While there is a constant battle going on in the cyberspaces there has been a resurgence in the cracking of data encryption algorithms.

It seems that whenever the latest and greatest data security hits the market and touts unbreakable barriers to your data it is only a matter of months or days before illicit groups manage to overcome your thoughts of protection.

Besides the typical impacts of everyday brute force hacking, data decryption efforts by crackers takes a top priority as more and more information becomes available in a digital format.

More and more we will have to rely on the security of these complicated math-based systems and it seems that the battle gets tougher and tougher everyday.

Data encryption is essential to the everyday and highly technology-enhacnced lives that we live.

Most people would disregard computer data encryption as a nerdy endeavor only meant for geeks in big glasses behind bright screens. The truth is that the simplest tasks in our day to day functions require the use of data encryption.

A simple swipe of your debit or credit card at the grocery store will provide you with the reminder that your personal information needs to be protected in a variety of ways that use encryption.

Beyond you simple banking needs there are other uses of data encryption that affect you on a day to day basis. Another example is the use of medical

More and more we are seeing that our precious and private medical records are being digitalized for various reason including the ease of transfer between specialists, reduction of environmental impact and the ability to easily analyze years of data without going through hundreds of papers.

I am especially thankful of data encryption for the safety of my medical records specifically.

The rest is here:
What is Data Encryption? (with picture) - wiseGEEK

Here's a demonstration page that uses slowAES.

slowAES was easy to use. Logically designed. Reasonable OO packaging. Supports knobs and levers like IV and Encryption mode. Good compatibility with .NET/C#. The name is tongue-in-cheek; it's called "slow AES" because it's not implemented in C++. But in my tests it was not impractically slow.

It lacks an ECB mode. Also lacks a CTR mode, although you could build one pretty easily given an ECB mode, I guess.

It is solely focused on encryption. A nice complementary class that does RFC2898-compliant password-based key derivation, in Javascript, is available from Anandam. This pair of libraries works well with the analogous .NET classes. Good interop. Though, in contrast to SlowAES, the Javascript PBKDF2 is noticeably slower than the Rfc2898DeriveBytes class when generating keys.

It's not surprising that technically there is good interop, but the key point for me was the model adopted by SlowAES is familiar and easy to use. I found some of the other Javascript libraries for AES to be hard to understand and use. For example, in some of them I couldn't find the place to set the IV, or the mode (CBC, ECB, etc). Things were not where I expected them to be. SlowAES was not like that. The properties were right where I expected them to be. It was easy for me to pick up, having been familiar with the Java and .NET crypto programming models.

Anandam's PBKDF2 was not quite on that level. It supported only a single call to DeriveBytes function, so if you need to derive both a key and an IV from a password, this library won't work, unchanged. Some slight modification, and it is working just fine for that purpose.

EDIT: I put together an example of packaging SlowAES and a modified version of Anandam's PBKDF2 into Windows Script Components. Using this AES with a password-derived key shows good interop with the .NET RijndaelManaged class.

EDIT2: the demo page shows how to use this AES encryption from a web page. Using the same inputs (iv, key, mode, etc) supported in .NET gives you good interop with the .NET Rijndael class. You can do a "view source" to get the javascript for that page.

EDIT3 a late addition: Javascript Cryptography considered harmful. Worth the read.

Read more here:
Javascript AES encryption - Stack Overflow

Cryptology for Kids

Introduction:

A code is a system of symbols, letters, words, or signals that are used instead of ordinary words and numbers to send messages or store information. A code is used to keep the message short or to keep it secret.

Codes and ciphers are forms of secret communication. A code replaces words, phrases, or sentences with groups of letters or numbers, while a cipher rearranges letters or uses substitutes to disguise the message. This process is called encryption or enciphering. The science that studies such secret communication is calledcryptology.

How is cryptology used?

Secret writing has been employed about as long as writing has existed. Codes have been used throughout history whenever people wanted to keep messages private. Cryptology has long been employed by governments, military, businesses, and organizations to protect their messages. Today, encryption is used to protect storage of data and transactions between computers. Visit this site to learn more: http://www.thunk.com/learn.html

In ancient times when messages were carried by foot for miles, kings and rulers would encrypt the letters they would send to allies. This helped to protect the secrecy of the message in case they were stolen. In early American history, even George Washington sent coded messages to his fellow soldiers. Likewise, the members of the Continental Congress also encoded their documents. When the telegraph was invented, the Morse Code was used to send understandable messages via sound patterns.

Today, computer users encrypt documents, network space, and e-mail messages as a way to protect the confidentiality of their messages. The new types of encryption are very advanced, and sometimes complicated.but, the basic skill remains true to the ancient methods!

Below you will find a collection of links on cryptology use through history.

Morse Code:

o Visit this website to translate (and listen to!) your own message in Morse Code: http://www.soton.ac.uk/~scp93ch/morse/

Navajo Code Talkers in WWII:

o Visit this site to read more about these important Americans and their role in our victory during WWII: http://www.history.navy.mil/faqs/faq61-2.htm

ENIGMA in WWII:

o Learn more about the code machine, ENIGMA, cracked by the Allies in WWII http://www.odci.gov/cia/information/artifacts/enigma.htm

Secret Code Breakers Through History:

o This site http://codebreaker.dids.com/fhistory.htm contains many stories about the role of encryption in history.

Calling all cryptologists!

Your mission (should you choose to accept it) is to encrypt the message the following message using at least 3 different secret codes. Write your responses on a separate piece of paper.

Message to Encrypt:

The red balloon will launch at noon tomorrow. Alert all parties!

Helpful Resources:

The following links will provide you with an assortment of sample encryption techniques. Be sure to explore them all!

Numbers Stand for Letters

o http://www.funology.com/braindrains/bd002.cfm

Cryptographs

o http://www.scouting.org.za/codes/sliding.html

Pigpen Ciphers

o http://www.scouting.org.za/codes/pigpen.html

Mixed Up Alphabet

o http://www.funology.com/braindrains/bd001.cfm

Police Letters Alphabet

o http://www.happychild.org.uk/ifs/00001pla.htm

Morse Code Letters

o http://www.happychild.org.uk/ifs/00003mrs.htm

FUN Cryptology Projects for YOU to Try:

National Security Agencys Code Challenge: Visit this site http://www.nsa.gov/programs/kids/standard/lab/elementary/index.shtml to begin your journey as a secret agent for the federal government. Click on the Start Puzzle button to begin.

Mirror Writing: If you hold up to a mirror something with writing, the writing looks reversed. You can easily write notes and other things to look like mirror writing. Get a sheet of thin white or light colored paper. With a dark marker, write something on one side. Make sure you write it thick and dark enough so that it will show through on to the other side. Flip over the paper and trace what you wrote. You'll be tracing it backwards. It should come out like how you would see your regular writing if you were to hold it up to a mirror. For fun, write down different words, or write a note to someone, then reverse it and send it to them.

Invisible Ink: If you write with white crayon on a white piece of paper, it looks like there's nothing there. But if you then paint over it, your invisible writing will magically appear. Write words, phrases or even a note to someone, and then impress them by making it magically appear!

Cryptograph Wheel: You can make a special Cryptograph Wheel to solve cryptographs (see the picture!) First make two circles of cardboard, one a bit smaller than the other, and use a protractor to mark them off into 26 pieces of about 13.8 degrees each. Write one letter of the alphabet in each division on each wheel. Then attach the two wheels together using a split pin so that you can rotate them independently. Visit this site again to see an example: http://www.scouting.org.za/codes/sliding.html

American Sign Language: Use this site to learn more about signing the alphabet. http://www.mikesart.net/clorisacom/signlanguage/?inputstring=hello You can learn how to spell words. Enter a word into the box and press "translate" to see how it looks in the sign language. Each finger represents a letter.

Pin Marks:

Using a newspaper or a sheet of paper. Use a pin to make tiny holes under specific letters to spell out a secret message. To decipher the message, hold the paper up to a light (or window) and write down the marked letters.

See original here:
Encryption for Kids!

Description:

Encryption is the process of converting a plaintext message into ciphertext which can be decoded back into the original message. An encryption algorithm along with a key is used in the encryption and decryption of data. There are several types of data encryptions which form the basis of network security. Encryption schemes are based on block or stream ciphers.

The type and length of the keys utilized depend upon the encryption algorithm and the amount of security needed. In conventional symmetric encryption a single key is used. With this key, the sender can encrypt a message and a recipient can decrypt the message but the security of the key becomes problematic. In asymmetric encryption, the encryption key and the decryption key are different. One is a public key by which the sender can encrypt the message and the other is a private key by which a recipient can decrypt the message.

Glossary:

Asymmetric encryption algorithm. A modern branch of cryptography. also known as public-key cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.

Block cipher. These algorithms work on chunks of specific sized data along with a key resulting in blocks of cipher text. The National Institute of Standards and Technology (NIST) is a federal agency that approved the Data Encryption Standard (DES) block cipher an early encryption algorithm created in the mid 1970s. The American National Standards Institute (ANSI) also set this security algorithm as the Data Encryption Algorithm (DEA) standard. Another standard developed in the 1980s is the Triple Data Encryption Standard (3DES). Some commonly used block cipher algorithms are IDEA, RC2, RC5, CAST and Skipjack.

CBC, Cipher Block Chaining. Encryption mode.

CBD, Cipher block chaining mode. The results of the previously chained block is used in the encryption of the next chained block.

CCM, Counter with CBC-MAC. Encryption mode. A generic authenticated encryption block cipher mode. This mode is defined for use with 128-bit block ciphers such as AES.

CFB, Cipher FeedBack. Encryption mode.

Chinese Lottery. A cryptographic approach to cracking encryption algorithms utilizing a large number of machines across the Internet.

Cipher algorithm. A mechanism used to encrypt or decrypt a message.

Ciphertext. The resulting encrypted message produced by a cipher algorithm.

CTR, Counter. Encryption mode.

Decryption. The process of making a encrypted message recognizable with a cipher algorithm.

ECB, Electronic Code Book. Encryption mode.

Encryption. The process of making a message unrecognizable with a cipher algorithm.

Encryption key. A sequence of values that are used with a cipher algorithm to encrypt a message. The choice of random (or cryptographically pseudorandom) keys, a secure key exchange mechanism, frequent key refreshments, and good secrecy protection of keys are all essential ingredients for the security of the integrity verification mechanism.

OFB, Output FeedBack. Encryption mode.

Plaintext. An unencrypted message.

Private key. (RFC 2828) The secret component of a pair of cryptographic keys used for asymmetric cryptography. In a public key cryptosystem that key of a user's key pair which is known only by that user.

Public key A public key which encrypts a message. (RFC 2828) The publicly-discloseable component of a pair of cryptographic keys used for asymmetric cryptography. In a public key cryptosystem, that key of a user's key pair which is publicly known.

Public key encryption. An encryption mechanism where two keys are used. A public key is used to encrypt the message and a secret private key to decrypt the message.

Secret key. A single secret key which is used in conventional symmetric encryption which is used to encrypt and decrypt a message.

SIV, Synthetic Initialization Vector. Block cipher mode of operation. (RFC 5297) SIV takes a key, a plaintext, and multiple variable-length byte strings that will be authenticated but not encrypted. It produces a ciphertext having the same length as the plaintext and a synthetic initialization vector. Depending on how it is used, SIV achieves either the goal of deterministic authenticated encryption or the goal of nonce-based, misuse-resistant authenticated encryption.

Stream cipher. A symmetric encryption algorithm that processes the data a bit or a byte at a time with a key resulting in a randomized ciphertext or plaintext. Some commonly used stream cipher algorithms are RC4 and W7.

Symmetric encryption algorithm. The encryption key and the decryption key are interrelated and may even be the same.

3DES. Block cipher algorithm.

AES, Advanced Encryption Standard. Block cipher algorithm.

ARIA. Block cipher algorithm.

Blowfish. Block cipher algorithm.

Camellia. Block cipher algorithm.

CAST. Block cipher algorithm.

CLEFIA. Block cipher algorithm.

CMAC. Block cipher algorithm.

DES, Data Encryption Standard. Block cipher algorithm.

GOST 28147. Symmetric cipher algorithm.

[RFC 4357] Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms.

[RFC 4490] Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS).

IDEA, International Data Encryption Algorithm. Block cipher algorithm.

Mars. Block cipher algorithm.

MISTY1. Block cipher algorithm.

Rabbit. Stream cipher algorithm.

RC2. Block cipher algorithm.

RC4. Stream cipher algorithm. A proprietary encryption algorithm available under license from RSA Data Security Inc.

RC5. Block cipher algorithm.

RC6.

Rijndael. Block cipher algorithm. The winning algorithm of the AES competition.

SEED. Block cipher algorithm.

SKIPJACK. Block cipher algorithm.

SOBER. Stream cipher algorithm.

Twofish. Block cipher algorithm.

W7. Stream cipher algorithm. A byte wide, synchronous stream cipher optimized for efficient hardware implementation at very high data rates. It is a symmetric key algorithm supporting key lengths of 128 bits.

RFCs:

[RFC 3766] Determining Strengths For Public Keys Used For Exchanging Symmetric Keys.

[RFC 4107] Guidelines for Cryptographic Key Management.

[RFC 4270] Attacks on Cryptographic Hashes in Internet Protocols.

Publications:

Obsolete RFCs:

See the rest here:
Encryption algorithms - Network Sorcery

AES (Rijndael)

The algorithm was invented by Joan Daemen and Vincent Rijmen. The National Institute of Standards and Technology (http://www.nist.gov) has recently selected the algorithm as an Advanced Encryption Standard (AES).

The cipher has a variable block length and key length. Authors of the algorithm currently specify how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128 bits.

BestCrypt uses Rijndael with a 256-bit key in LRW and XTS modes.

To get more information on the algorithm, visit the Rijndael Home Page: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/.

The Blowfish is a fast encryption algorithm designed by Bruce Schneier. Bruce Schneier is well known as the president of Counterpane Systems, a security consulting firm, and the author of Applied Cryptography: Protocols, Algorithms, and Source Code.

The Blowfish encryption algorithm was specially designed to encrypt data on 32-bit microprocessors. Blowfish is significantly faster than DES and GOST when implemented on 32-bit microprocessors, such as the Pentium or Power PC.

The original Blowfish paper was presented at the First Fast Software Encryption workshop in Cambridge, UK (proceedings published by Springer-Verlag, Lecture Notes in Computer Science #809, 1994) and in the April 1994 issue of Dr. Dobbs Journal. In addition, "Blowfish--One Year Later" appeared in the September 1995 issue of Dr. Dobb's Journal.

BestCrypt uses the Blowfish with 448-bit key length, 16 rounds and 128-bit blocks in LRW mode.

Additional information about the Blowfish algorithm is also available on World-Wide-Web at: http://www.counterpane.com/blowfish.html

CAST-128 (described in RFC-2144 document http://www.faqs.org/rfcs/rfc2144.html) is a popular 64-bit block cipher allowing key sizes up to 128 bits. The name CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST.

BestCrypt uses CAST with 128-bit key in LRW mode.

The Government Standard of the USSR 28147-89, Cryptographic protection for Data Protection Systems, appears to have played the role in the former Soviet Union (not only in Russia) similar to that played by the US Data Encryption Standard (FIPS 46). When issued, GOST bore the minimal classification 'For Official Use,' but is now said to be widely available in software both in the former Soviet Union and elsewhere. The introduction to GOST 28147-89 contains an intriguing remark that the cryptographic transformation algorithm "does not put any limitations on the secrecy level of the protected information."

The GOST 28147-89 standard includes output feedback and cipher feedback modes of operation, both limited to 64-bit blocks, and a mode for producing message authentication codes. Additional information about the GOST 28147-89 algorithm is also available at the Jetico Web site: http://www.jetico.com/gost.htm

BestCrypt uses GOST 28147-89 with 256-bit key in LRW mode.

RC6 block cipher was designed by Ron Rivest in collaboration with Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin from RSA Laboratories. RSA's RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES). Visit RSA Laboratories WWW-site (http://www.rsasecurity.com/rsalabs/node.asp?id=2512) to get more information on the algorithm.

BestCrypt uses the RC6 with 256-bit key and 128-bit blocks in LRW and XTS modes.

Serpent is a block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).

BestCrypt uses Serpent in LRW and XTS modes with a 256-bit key, 128-bits blocks and 32 rounds.

Additional information about the Serpent algorithm is also available on World-Wide-Web from: http://www.cl.cam.ac.uk/~rja14/serpent.html

The Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting.

Twofish is a symmetric block cipher; a single key is used for encryption and decryption. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.

The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm. As the authors of the algorithm state, "we have spent over one thousand hours cryptanalyzing Twofish, and have found no attacks that go anywhere near breaking the full 16-round version of the cipher."

BestCrypt uses a full 16-round version of Twofish and a maximum possible 256-bit encryption key length in LRW and XTS modes.

Additional information about the Twofish algorithm is available also on the World-Wide-Web from: http://www.counterpane.com/twofish.html

Continue reading here:
Encryption Algorithms - Jetico | Encryption Software ...

Modern Examples of Symmetric Authenticated Encryption of a string.

The general best practice for symmetric encryption is to use Authenticated Encryption with Associated Data (AEAD), however this isn't a part of the standard .net crypto libraries. So the first example uses AES256 and then HMAC256, a two step Encrypt then MAC, which requires more overhead and more keys.

The second example uses the simpler practice of AES256-GCM using the open source Bouncy Castle (via nuget).

Both examples have a main function that takes secret message string, key(s) and an optional non-secret payload and return and authenticated encrypted string optionally prepended with the non-secret data. Ideally you would use these with 256bit key(s) randomly generated see NewKey().

Both examples also have a helper methods that use a string password to generate the keys. These helper methods are provided as a convenience to match up with other examples, however they are far less secure because the strength of the password is going to be far weaker than a 256 bit key.

Update: Added byte[] overloads, and only the Gist has the full formatting with 4 spaces indent and api docs due to StackOverflow answer limits.

.NET Built-in Encrypt(AES)-Then-MAC(HMAC) [Gist]

Bouncy Castle AES-GCM [Gist]

Read more:
c# - Encrypt and decrypt a string - Stack Overflow