[5176] in cryptography@c2.net mail archive
salty ms products
daemon@ATHENA.MIT.EDU (staym@accessdata.com)
Wed Jul 21 17:46:09 1999
From: staym@accessdata.com
Date: Wed, 21 Jul 1999 15:14:34 -0600
To: cryptography@c2.net
The encryption in MS Word / Excel uses 32 *bytes* of salt. It's
interesting to me that this is just enough room to store a password 16
unicode characters long, the maximum length password you're allowed.
Just choose the first prime smaller than 2^256, one of say, 1024
multipliers, and modular multiply to get a random-looking salt. Now the
security's 2^10. I've been poking around and haven't found any reason
to believe that this actually happens (40-bit encryption is weak enough
as it is), but I still have to wonder-- why so much salt?
--
Mike Stay
Cryptographer / Programmer
AccessData Corp.
mailto:staym@accessdata.com
