* LibreOffice 3.4.5 and lower can write files whose password protection relies on Blowfish;
* LibreOffice 3.4.4 and lower can read files whose password protection relies on Blowfish;
* LibreOffice 3.4.5 and higher can read files whose password protection relies on AES-256;
* LibreOffice 3.5.0 and higher can write files whose password protection relies on AES-256;
* OpenOffice.org 3.3 and lower can read/write files whose password protection relies on SHA1/Blowfish;
* Apache OpenOffice 3.4 and higher can read/write files whose password protection relies on SHA256/AES;

https://wiki.openoffice.org/wiki/User:TJFrazier/Encryption contains a transitional macro for AOo 3.4, to read SHA1/Blowfish encrypted documents.

The Crypto++ library contains routines for encrypting and decrypting with Blowfish, AES-256, and other ciphers.

http://sourceforge.net/projects/ooomacros/files/PasswordCracker/ is an OOo extension/macro that brute forces passwords. It was last updated in 2005, so it won't work with LibO 3.5.0 and higher, or AOo 3.4 and higher. I noticed that SourceForge didn't offer "Code" on the project components line, so source code might not be available.

http://archive09.linux.com/articles/61635 is an article from 2007 on breaking documents encrypted with OOo.

http://ringlord.com/dl/Decrypting%20ODF%20Files.pdf is an in-depth explanation of how to decrypt ODF File Format files.

One of the commercially distributed password recovery tools claims that the estimated times to recover a password are:

* 5 characters: 28 minutes;
* 6 characters: 44 hours;
* 7 characters: 174 days;
* 8 characters: 45 years;

I'm assuming the normal stupid password selection process that is typically used.

At 10,000 passwords per second, brute force for the 192 ASCII set of glyphs: (This is run-of-the-mill equipment.)

| Glyphs | Duration | Unit |
|---|---|---|
| 2 | 1.84 | seconds |
| 3 | 5.90 | minutes |
| 4 | 0.786 | days |
| 5 | 21.57 | weeks |
| 6 | 79.65 | years |
| 7 | 1.53E+004 | years |
| 8 | 2.94E+006 | years |
| 9 | 5.64E+008 | years |
| 10 | 1.08E+011 | years |
| 11 | 2.08E+013 | years |
| 12 | 3.99E+015 | years |
| 13 | 7.66E+017 | years |
| 14 | 1.47E+020 | years |
| 15 | 2.82E+022 | years |
| 16 | 5.42E+024 | years |
| 17 | 1.04E+027 | years |
| 18 | 2.00E+029 | years |
| 19 | 3.84E+031 | years |
| 20 | 7.37E+033 | years |

At 1,000,000,000 passwords per second, brute force for the 192 ASCII set of glyphs: (This is COTS hardware, albeit optimized for this specific task.)

| Glyphs | Duration | Unit |
|---|---|---|
| 2 | 0.00 | seconds |
| 3 | 0.00 | seconds |
| 4 | 0.68 | seconds |
| 5 | 130.46 | seconds |
| 6 | 6.96 | hours |
| 7 | 55.66 | days |
| 8 | 29.36 | years |
| 9 | 5.64E+003 | years |
| 10 | 1.08E+006 | years |
| 11 | 2.08E+008 | years |
| 12 | 3.99E+010 | years |
| 13 | 7.66E+012 | years |
| 14 | 1.47E+015 | years |
| 15 | 2.82E+017 | years |
| 16 | 5.42E+019 | years |
| 17 | 1.04E+022 | years |
| 18 | 2.00E+024 | years |
| 19 | 3.84E+026 | years |
| 20 | 7.37E+028 | years |

At 1,000,000,000 passwords per second, brute force for the 65536 Unicode Base Plane set of glyphs: (This uses COTS hardware, albeit optimized for this specific task.)

| Glyphs | Duration | Unit |
|---|---|---|
| 2 | 2.15 | seconds |
| 3 | 39.09 | hours |
| 4 | 293.27 | years |
| 5 | 1.92E+007 | years |
| 6 | 1.26E+012 | years |
| 7 | 8.25E+016 | years |
| 8 | 5.41E+021 | years |
| 9 | 3.55E+026 | years |
| 10 | 2.32E+031 | years |
| 11 | 1.52E+036 | years |
| 12 | 9.98E+040 | years |
| 13 | 6.54E+045 | years |
| 14 | 4.29E+050 | years |
| 15 | 2.81E+055 | years |
| 16 | 1.84E+060 | years |
| 17 | 1.21E+065 | years |
| 18 | 7.91E+069 | years |
| 19 | 5.18E+074 | years |
| 20 | 3.40E+079 | years |

At 10,000,000,000 passwords per second, brute force for the 65536 Unicode Base Plane set of glyphs: (This uses COTS hardware, albeit somewhat specialized, and optimized for this specific task.)

| Glyphs | Duration | Unit |
|---|---|---|
| 2 | 0.21 | seconds |
| 3 | 3.91 | hours |
| 4 | 29.33 | years |
| 5 | 1.92E+006 | years |
| 6 | 1.26E+011 | years |
| 7 | 8.25E+015 | years |
| 8 | 5.41E+020 | years |
| 9 | 3.55E+025 | years |
| 10 | 2.32E+030 | years |
| 11 | 1.52E+035 | years |
| 12 | 9.98E+039 | years |
| 13 | 6.54E+044 | years |
| 14 | 4.29E+049 | years |
| 15 | 2.81E+054 | years |
| 16 | 1.84E+059 | years |
| 17 | 1.21E+064 | years |
| 18 | 7.91E+068 | years |
| 19 | 5.18E+073 | years |
| 20 | 3.40E+078 | years |

Various things that can speed up the decryption time:

* Knowing some, or all of the password;
* Using good wordlists;
* Incorporating known mangling patterns into the software decryption process;
* Throwing more hardware at the password;

Openwall sells a pretty good starting wordlist for use with John the Ripper: http://www.openwall.com/wordlists/. It will have to be modified for use with any software that decrypts ODF-formatted files.
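
The duration tables above match an average-case search: half the keyspace (glyphs to the power of the length) divided by the guess rate, with a 364-day year. The Python sketch below is an added example, not code from the original post; it reproduces that calculation, shows how known characters shrink the search, and finds the shortest length that holds for a target number of years. The function names are illustrative and it assumes uniformly random passwords.

```python
YEAR = 364 * 86400  # assumption: 52-week year; this reproduces the tables' year figures
UNITS = [("years", YEAR), ("weeks", 7 * 86400), ("days", 86400),
         ("hours", 3600), ("minutes", 60), ("seconds", 1)]


def average_seconds(glyphs, length, rate, known=0):
    """Average exhaustive-search time: half the keyspace over the guess rate.

    known: characters whose value and position are already known; they drop
    out of the exponent (first item in the speed-up list above).
    """
    if not 0 <= known <= length:
        raise ValueError("known must be between 0 and length")
    return glyphs ** (length - known) / (2 * rate)


def humanize(seconds):
    """Render a duration in the largest unit that yields a value of at least 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def min_length(glyphs, rate, target_years):
    """Shortest uniformly random password whose average search time
    reaches target_years at the given guess rate."""
    needed = 2 * rate * target_years * YEAR  # keyspace size required
    length = 1
    while glyphs ** length < needed:
        length += 1
    return length


if __name__ == "__main__":
    for rate in (10_000, 1_000_000_000):
        for n in (6, 8, 12):
            t = average_seconds(192, n, rate)
            print(f"192 glyphs, {n} chars, {rate:,}/s: {humanize(t)}")
    # Three of eight characters known: same work as a five-character search.
    print("8 chars, 3 known:", humanize(average_seconds(192, 8, 10**9, known=3)))
    print("length for 1000 years at 1e9/s:", min_length(192, 10**9, 1000))
```

These figures only bound passwords chosen uniformly at random; wordlists and mangling rules, as listed above, cut the effective keyspace far below glyphs to the power of the length.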