Folder decryption works only part way

  • #6290 Reply

    Old Bob

    I have a folder of several hundred Excel spreadsheets.  Some from recent versions of the program are labeled filetype “xlsx”, others, from earlier versions of the program are filetype “xls”.  All were encrypted using the trial version of AxCrypt.

    Now when trying to access them, the spreadsheets with filetype xlsx decode properly.  Those with filetype xls won’t decode at all.  What can I do to recover those files?

    #6291 Reply

    Munroe

    You can always decrypt your files irrespective of the fact that you encrypted them with a trial, premium or free version of AxCrypt.

    XLSX files are a modern version of XLS files so this won’t make any difference assuming you’ve got Microsoft Excel installed.

    What error are you getting when trying to open or decode the XLS files? A screenshot would be handy and feel free to black out any personal information.

    #6294 Reply

    Old Bob

    Munroe

    Thank you for the suggestion.  I do have Microsoft Excel installed.  It is what I use to look at the xlsx files.  I can’t take a screen shot of the message.  However, the message is in the blank data area of the Excel spreadsheet, and it reads

    “The password you supplied is not correct.  Verify that the CAPS LOCKED key off, and be sure to use the correct capitalization.”

    Thanks again for the suggestion.

    Old Bob

    #6295 Reply

    Svante
    Spectator

    Hello Old Bob,

    This means that the Excel-file itself is password protected by Excel. This has nothing to do with AxCrypt. Google the error message, and the top hit is: https://support.microsoft.com/en-in/help/321147/error-message-the-password-you-supplied-is-not-correct .

    Apparently, you have both password-protected the Excel file and also then encrypted it with AxCrypt. You’ll have to remember the Excel password – or get a cracker. Contrary to AxCrypt, Excel password protection can usually be cracked ;-)

    #6296 Reply

    Glenn

    Contrary to AxCrypt, Excel password protection can usually be cracked ;-)

    That used to be true with Microsoft Office versions 2007 and below.

    Subsequent versions: 2010, 2013 and 2016 use uncrackable AES encryption – 100,000 iterations + AES-128.

    #6297 Reply

    Old Bob

    Thank you everyone,

    You are completely correct that the older xls files had been password protected before I encrypted them with AxCrypt.  Encrypting them and wanting to decrypt them caused me to completely forget that they were password protected in EXCEL.  My face is suitably red!

    Old Bob

    #6298 Reply

    Svante
    Spectator

    others, from earlier versions of the program are filetype “xls”

    That used to be true with Microsoft Office versions 2007 and below.

    The file was of type .xls, which is an older format, and that was the format *before* Office 2007.

    #6304 Reply

    Franz

    The picture is a bit more complicated.

    Even Microsoft Office 2007 used AES128 but it uses 50,000 spins instead of the more recent 100,000. Excel 2007 saves to XLS by default. This cannot be broken unless it’s a very short and weak password.

    Microsoft significantly improved security in Office 2013 by introducing SHA512 which made brute forcing and rainbow table searches much slower.

    The most recent versions Office 2013 and Office 2016 provide extremely high levels of security. Commercial cracking software only works for passwords below 8 characters from 2007 and onwards unless you’re prepared to wait for a very long time.

    None of this matters now because the original user has realised it’s an Excel password and not his AxCrypt password.

    #6307 Reply

    Svante
    Spectator

    Hello Franz,

    As you say – it doesn’t matter for the original poster. However, I always like to learn new things.

    I do know about the 50,000 vs. 100,000 iterations for Office 2007 vs. later, but I did not realize that the XLS file format was sophisticated enough to handle in a backwards compatible manner a different encryption technique.

    I.e. Excel 2003 password protects using the known weaker encryption, while Excel 2007 (or later) can password protect using the newer stronger encryption – in the same file format, such that Excel 2003 can actually recognize that it can’t decrypt a .XLS file encrypted with Excel 2007. Presumably it displays a message to the effect that it can’t open the file because it’s been saved by a newer version of Excel then?

    Browsing the specification for XLS files and office encryption actually I can’t really tell. Wow – those specs are complicated! What I do see even with a brief browsing is that there are about a zillion different ways “password protection” may actually be performed on a document. If the default is changed for example, a regular user would never notice. The installation default for later versions of office is indeed AES-128/SHA-1, but there are many caveats there too. In comparison, the AxCrypt technical specification is a lot easier to analyze and implement. One way to compare is that the Office Document Cryptography Structure specification is 107 pages (including 7 pages index), the AxCrypt Version 2 Algorithms and File Format is 12 pages (without any index) including rationales.

    Ok, that was quite off-topic! Sorry ;-)

    #6309 Reply

    Franz

    Presumably it displays a message to the effect that it can’t open the file because it’s been saved by a newer version of Excel then?

    Yes and no.

    If for example the file was saved in Office 2003 as an XLS then the encryption is RC4 which can be broken extremely quickly.

    Pretending you email me the file and I save it in Office 2007. By default the encryption will remain in RC4 but I can change that manually by amending the Crypto Provider. I would be given a warning similar to the one below (I couldn’t find the right message) but instead of saying a “Minor loss of fidelity” it would warn me that the file could not be opened in earlier versions.

    This is the Crypto Provider screen which can upgrade or downgrade the cryptography in an XLS (or XLSX) file. Most users would never understand or encounter this.

    The latest versions of Excel have a number of formats and Excel is smart enough to recognise that in a 97-2003 Workbook that the encryption needs to be RC4 and the user would have to manually change the Crypto Provider to work otherwise.

    XLS has always been a very flexible format but you’re correct about the specification, it’s extremely complicated.

    For most users saving in the latest versions of Excel, with a secure password, they have no fear about the security unlike in olden times of Office. The default option is suitably secure even as AES128, 100,000 iterations at SHA1.
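The posts above mention the cipher, hash and iteration count that Office records for a password-protected file. The following is an added example, not code from any poster or from AxCrypt: a Python sketch that reads those parameters from the `EncryptionInfo` stream of an OOXML (.xlsx) file so a defender can check what a document actually uses. It assumes the stream has already been extracted from the OLE container, covers only the "agile" and "standard" layouts as described in Microsoft's Office Document Cryptography Structure specification, and does not handle legacy .xls records; the function names, the `MIN_SPIN` floor and both sample streams are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

PW_NS = "{http://schemas.microsoft.com/office/2006/keyEncryptor/password}"
AES_ALG_IDS = {0x660E: 128, 0x660F: 192, 0x6610: 256}  # CryptoAPI CALG_AES_*
MIN_SPIN = 100_000  # assumed policy floor: the post-2007 figure quoted in the thread

def describe_encryption_info(blob: bytes) -> dict:
    """Summarise the password-protection parameters of an EncryptionInfo stream."""
    if len(blob) < 8:
        raise ValueError("EncryptionInfo stream too short")
    major, minor = struct.unpack_from("<HH", blob, 0)
    if (major, minor) == (4, 4):
        # Agile: 4-byte version, 4 reserved bytes, then an XML descriptor.
        key = ET.fromstring(blob[8:]).find(f".//{PW_NS}encryptedKey")
        if key is None:
            raise ValueError("no password key encryptor in descriptor")
        return {"scheme": "agile", "cipher": key.get("cipherAlgorithm"),
                "key_bits": int(key.get("keyBits")),
                "hash": key.get("hashAlgorithm"),
                "spin_count": int(key.get("spinCount"))}
    if major in (2, 3, 4) and minor == 2:
        # Standard: version, flags, header size, then a binary EncryptionHeader
        # (flags, sizeExtra, algID, algIDHash, keySize, ...). Fixed SHA-1, 50,000 spins.
        if len(blob) < 32:
            raise ValueError("standard EncryptionHeader truncated")
        alg_id, _alg_id_hash, key_size = struct.unpack_from("<III", blob, 20)
        cipher = "AES" if alg_id in AES_ALG_IDS else f"unknown(0x{alg_id:04X})"
        return {"scheme": "standard", "cipher": cipher, "key_bits": key_size,
                "hash": "SHA1", "spin_count": 50_000}
    raise ValueError(f"unrecognised EncryptionInfo version {major}.{minor}")

def below_policy(info: dict) -> bool:
    """True when the key-stretching iteration count is under the assumed floor."""
    return info["spin_count"] < MIN_SPIN

# Constructed sample streams (not taken from real documents).
AGILE_SAMPLE = struct.pack("<HHI", 4, 4, 0x40) + (
    b'<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" '
    b'xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password">'
    b'<keyEncryptors><keyEncryptor '
    b'uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password">'
    b'<p:encryptedKey spinCount="100000" cipherAlgorithm="AES" keyBits="128" '
    b'hashAlgorithm="SHA1"/></keyEncryptor></keyEncryptors></encryption>')
STANDARD_SAMPLE = struct.pack("<HHII", 3, 2, 0x24, 0x20) + struct.pack(
    "<IIIII", 0x24, 0, 0x660E, 0x8004, 128)

if __name__ == "__main__":
    for name, blob in (("agile", AGILE_SAMPLE), ("standard", STANDARD_SAMPLE)):
        info = describe_encryption_info(blob)
        print(name, info, "below policy:", below_policy(info))
```
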

    #6310 Reply

    Svante
    Spectator

    Thanks Franz,

    Last(?) question…

    From what you’re saying (and what I gleaned from the cursory glance at the office spec for cryptography and XLS), and from the screens above, it seems like the default behavior for saving a .XLS file even in modern versions of Excel is compatible with Excel 97 – 2003 which would imply that such a save has the weaknesses these versions of Excel have.

    So, assuming a non-expert non-cryptography-setting-tweaking user, it’s still a fairly safe assumption that a .XLS file if password protected is protected with the old weak form of Office crypto – right?

    If the file is saved in .XLSX-format, it’s also a fair assumption to make that it is saved as AES-128, once again assuming the non-tweaking user. So your last statement “For most users saving in the latest versions of Excel, with a secure password, they have no fear about the security unlike in olden times of Office. The default option is suitably secure even as AES128, 100,000 iterations at SHA1.” is valid when the file is saved as .XLSX in a newer version of Excel.

    #6311 Reply

    Franz

    it seems like the default behavior for saving a .XLS file even in modern versions of Excel is compatible with Excel 97 – 2003

    That is the default behaviour if the user selects .XLS.

    The cryptography is downgraded to RC4 if the user selects the .XLS format and they’re not warned about the legacy encryption which will be used.

     

    So, assuming a non-expert non-cryptography-setting-tweaking user, it’s still a fairly safe assumption that a .XLS file if password protected is protected with the old weak form of Office crypto – right?

    Generally speaking, yes. Some workplaces manually force the Crypto Providers through group policy to comply with FIPS etc. If this is the case then all bets are off.

     

    If the file is saved in .XLSX-format, it’s also a fair assumption to make that it is saved as AES-128, once again assuming the non-tweaking user

    Yes. Also .XLSX is the default format now for Microsoft Excel and the majority of spreadsheets I’ve seen in the last decade have been .XLSX.

     

    Here’s some more information that may help the original poster if he’s forgotten his password, and for you as a background reference,

    https://www.elcomsoft.com/help/en/aopr/office_2007_password_to_open.htm

    https://www.elcomsoft.com/help/en/aopr/index.html

    https://www.elcomsoft.com/aopr.html

    Their software can be purchased to crack some passwords instantly, remove editing passwords, crack opening passwords, use mask attacks, rainbow tables or brute force against Microsoft Office. It’s extremely slow for short passwords from 2013 onwards but from 2007 it might help for short passwords but it’s useless if they’ve got a long password set.

    Each version has successively got more secure – look at the difference!

    • 2010 – 24,500 passwords per second
    • 2016 – 3,220 passwords per second

    You can accelerate some of the older versions, or modern versions, via distributed computing using their software but it’s not worth it and there’s little chance of success.

    #6312 Reply

    Franz

    “2016 – 3,220 passwords per second” should read 2013.

    They’ve not published statistics for Office 2016.

    #6313 Reply

    Svante
    Spectator

    Once again, thanks Franz!

    #6351 Reply

    Franz

    By coincidence Sophos have published an article today titled “Are you encrypting your documents? Here’s what happens when you don’t” and it covers Microsoft Office encryption. (Oddly, their article doesn’t recommend (or even discuss) their own encryption products!)

    Their conclusion about Microsoft Office is:

    “The simple takeaway is that only the encryption offered from Office 2013 onwards is worth relying on, but any encryption is better than none, even versions with theoretical weaknesses.”

     

     
