Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
A modified exhaustive search on a password system using SHA-1
Kim M., Jung Y., Song J. International Journal of Information Security16 (3):263-269,2017.Type:Article
Date Reviewed: Jul 6 2017

Nowadays information is more and more of an asset; as such, it is becoming ever more important as evidence in law enforcement cases. Being valuable, information is often encrypted; thus law enforcement bodies must have access to methods and tools to decrypt it.

This compact paper presents a method to retrieve passwords used to encrypt Microsoft Word 2007 and Word 2010 documents. First, it describes the method used by these two applications to encrypt a document. For both versions of Word, it is the same and is based on a two-step process. In step 1, a key is generated from a password chosen by the user; in step 2, the whole document goes through an authentication scheme based on that key. (The key generation function and authentication scheme differ in the two Word versions.) Document decryption (or cracking, as hackers would say) is performed through a process involving a key and a ciphertext: when the two match, the document is decrypted and made readable; this process, though, is difficult, as a single key/ciphertext comparison cycle could involve up to 100,000 iterations. The method presented in this paper reduces the number of iterations involved by precomputing and optimizing ciphertext representation. The results cited in the paper show a reduction of about 47 percent in password discovery time compared to brute force search. These are very interesting results. The only flaw I see is that they refer only to Word 2007 and Word 2010 documents. Maybe in future works, these results could be generalized to a broader class of documents and files.

Reviewer:  Andrea Paramithiotti Review #: CR145406 (1709-0619)
Bookmark and Share
  Featured Reviewer  
 
Hash-Table Representations (E.2 ... )
 
 
Microsoft Office (H.4.1 ... )
 
 
Security and Protection (D.4.6 )
 
Would you recommend this review?
yes
no
Other reviews under "Hash-Table Representations": Date
On the use of extendible hashing without hashing
Bechtold U., Kuspert K. Information Processing Letters 19(1): 21-26, 1984. Type: Article
Mar 1 1985
Analysis of new variants of coalesced hashing
Chen W., Vitter J. (ed) ACM Transactions on Database Systems 9(4): 616-645, 1984. Type: Article
Jun 1 1985
A polynomial time generator for minimal perfect hash functions
Sager T. Communications of the ACM 28(5): 523-532, 1985. Type: Article
Jun 1 1986
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy