Office 2013 encryption uses 128-bit AES using SHA-512 algorithm. The encryption methods are far more complex than they used to be in earlier Office versions. The slow hash-cracking is the result of efforts the Microsoft Office application puts into storing the password hash and encrypting the document. Commercial software definitely can have its niche and a quick survey of Password Recovery software shows some interesting offerings, especially regarding distributed workloads that the open-source community has struggled to find significant growth. There’s a mantra that Black Hills Information Security SysAdmins have: we are neither pro-proprietary nor pro-open source we are pro-security awareness. To be fair, I can’t say if a commercial software is faster (better, faster, stronger), but I will say that if it includes professional support and you’re dealing with something complicated, that’s always nice to have. In fact, both JTR and Hashcat have active development to this day. In discussing our typical run-down of hashing on John the Ripper (JTR) and Hashcat, the user responded with “I used that 15 years ago… people still do that”? The problem is they were still getting ridiculously slow hashing speeds making brute force unfitting. The question came from BHIS’s extended community who is using commercial password-recovery tools with distributed CPU and GPU processing power. I recently got a couple of questions about a better way to crack encrypted Excel files. Then we use a custom dictionary for pwnage in LinkedIn hash database. TLDR : We use a custom dictionary to crack Microsoft Office document encryption.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |