Office has "kindergarten crypto mistake"

The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.

Hongjun Wu, a cryptographer at the Institute of Infocomm Research in Singapore, wrote in a paper on the topic that the problem arises because Microsoft programmers did not implement the encryption correctly in its Office applications.

"A lot of information could be retrieved from those encrypted files," Wu said in the paper. "If anyone has used the encryption in Microsoft Office... then it is time for him/her to assess the damage that has been caused."

Microsoft said on Thursday that it has begun investigating the flaw.

Microsoft said in a statement: "Our early investigation indicates that this issue poses a very low threat for customers. In some cases, an attacker may be able to read the contents of an encrypted file, if multiple versions of that file are available to the attacker. The attacker would need to have access to two distinct files with the same name that are protected by the same password in order to attempt to exploit the vulnerability."

In the world of cryptographers, encryption schemes that encode more than one message using the same key are seen as flawed. That's because a comparison of the information in the encrypted messages can significantly shorten the search for the correct key to unlock the messages.

The Microsoft Office flaw is the latest issue that Microsoft has had with implementing encryption in its products. Security researchers have taken the company to task repeatedly in the past for the weak passwords in previous versions of the Windows operating system. Moreover, the company was at the centre of a debate in 1999 on whether the code keys central to Windows NT security were actually secure.

Bruce Schneier, chief technology officer of Counterpane Internet Security and author of "Applied Cryptography", said the current issue is almost identical to the weak system key issue in 1999.

"This is a kindergarten crypto mistake," Schneier said. "And to make it twice is worse."

Schneier, who wrote about the issue on his blog earlier this week, hammered at Microsoft for not learning from past mistakes.

The software maker said that it had not uncovered the newly reported vulnerability in its code reviews, but noted that the flaw appeared similar to a previous flaw.

Microsoft also said it would review the cryptographic code in Office. "Upon completion of this investigation, Microsoft will take the appropriate actions to protect customers, which may include providing a security update through our monthly release process," the company said.

Robert Lemos writes for CNET News.com.