Forums Bugs & issues Folder decryption works only part way Reply To: Folder decryption works only part way

#6307 Reply


Hello Franz,

As you say – it doesn’t matter for the original poster. However, I always like to learn new things.

I do know about the 50,000 vs. 100,000 iterations for Office 2007 vs. later, but I did not realize that the XLS file format was sophisticated enough to handle in a backwards compatible manner a different encryption technique.

I.e. Excel 2003 password protects using the known weaker encryption, while Excel 2007 (or later) can password protect using the newer stronger encryption – in the same file format, such that Excel 2003 can actually recognize that it can’t decrypt a .XLS file enrypted with Excel 2007. Presumably it displays a mesage to the effect that it can’t open the file because it’s been saved by a newer version of Excel then?

Browsing the specification for XLS files and office encryption actually I can’t really tell. Wow – those specs are complicated! What I do see even with a brief browsing is that there are about a zillion different ways “password protection” may actually be performed on a document. If the default is changed for example, a regular user would never notice. The installation default for later versions of office is indeed AES-128/SHA-1, but there are many caveats there too. In comparison, the AxCrypt technical specification is a lot easier to analyze and implement. One way to compare is that the Office Document Cryptography Structure specification is 107 pages (including 7 pages index), the AxCrypt Version 2 Algorithms and File Format is 12 pages (without any index) including rationales.

Ok, that was quite off-topic! Sorry ;-)