Forums › Bugs & issues › Folder decryption works only part way › Reply To: Folder decryption works only part way
Hello Franz,
As you say – it doesn’t matter for the original poster. However, I always like to learn new things.
I do know about the 50,000 vs. 100,000 iterations for Office 2007 vs. later, but I did not realize that the XLS file format was sophisticated enough to handle in a backwards compatible manner a different encryption technique.
I.e. Excel 2003 password protects using the known weaker encryption, while Excel 2007 (or later) can password protect using the newer stronger encryption – in the same file format, such that Excel 2003 can actually recognize that it can’t decrypt a .XLS file enrypted with Excel 2007. Presumably it displays a mesage to the effect that it can’t open the file because it’s been saved by a newer version of Excel then?
Browsing the specification for XLS files and office encryption actually I can’t really tell. Wow – those specs are complicated! What I do see even with a brief browsing is that there are about a zillion different ways “password protection” may actually be performed on a document. If the default is changed for example, a regular user would never notice. The installation default for later versions of office is indeed AES-128/SHA-1, but there are many caveats there too. In comparison, the AxCrypt technical specification is a lot easier to analyze and implement. One way to compare is that the Office Document Cryptography Structure specification is 107 pages (including 7 pages index), the AxCrypt Version 2 Algorithms and File Format is 12 pages (without any index) including rationales.
Ok, that was quite off-topic! Sorry ;-)