Re: Trojan horse Downloader.Generic.ML


comp.security.firewalls archive


From: James Egan <jegan@jegan.com>
Date: Thu Jun 30 2005 - 01:33:14 CEST

On Sun, 19 Jun 2005 23:50:22 -0400, kurt wismer <kurtw@sympatico.ca>
wrote:

>that's not the real issue though - the real issue is that with an output
>feedback stream cipher (like rc4), if you encrypt 2 messages (packets)
>with the same key (wep key + initialization vector) you can cancel out
>the key by XORing the 2 encrypted messages together.

As an aside, I happened across an article about this same
vulnerability in MS Word and Excel.
http://www.securiteam.com/securityreviews/5KP0G20EUE.html

All versions of a (password protected) saved document use the same
initialization vector, so if you get hold of two different versions of
the same document, or a document which has been "saved as .." then
subsequently edited, and XOR them against each other, you can read a
portion of the output with WinHex (or whatever). I just did a test
with MS Word 2k and could read more or less the complete text, but
apparently it applies to all versions of Word and Excel which use RC4.

Jim.
Received on Thu Sep 29 19:57:19 2005
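
The keystream cancellation discussed in this message, as an added Python example that is not part of the original post: two versions of a document are encrypted with RC4 under the same key and IV, then under a fresh IV per save. The key construction (password followed by IV), the password, and the document text are constructed assumptions, not Word's or WEP's actual key derivation.

```python
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def save(password: bytes, iv: bytes, text: bytes) -> bytes:
    # Assumption for illustration: per-save key = password || IV.
    return rc4(password + iv, text)

def keystream_cancels(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    # With a shared keystream K: (p1^K) ^ (p2^K) == p1 ^ p2, so K drops out.
    return xor(c1, c2) == xor(p1, p2)

def unchanged_prefix_len(c1: bytes, c2: bytes) -> int:
    # Zero bytes in c1^c2 mark text that is identical in both versions,
    # which is how keystream reuse shows up when auditing two saved files.
    diff = xor(c1, c2)
    return next((n for n, b in enumerate(diff) if b), len(diff))

# Constructed sample data: two edits of the same document.
PASSWORD = b"constructed-password"
V1 = b"Q2 forecast: revenue flat, no layoffs planned."
V2 = b"Q2 forecast: revenue down, layoffs in August. "
FIXED_IV = bytes(16)  # the flaw: every save reuses this IV

def demo():
    a, b = save(PASSWORD, FIXED_IV, V1), save(PASSWORD, FIXED_IV, V2)
    c, d = save(PASSWORD, os.urandom(16), V1), save(PASSWORD, os.urandom(16), V2)
    return keystream_cancels(a, b, V1, V2), unchanged_prefix_len(a, b), keystream_cancels(c, d, V1, V2)

if __name__ == "__main__":
    print(demo())
```

With the fixed IV the XOR of the two ciphertexts equals the XOR of the two plaintexts and the shared opening text shows up as zero bytes; with a random IV per save neither holds.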