Yesterday I was talking about secrets hiding and cryptography. A friend of mine said he was able to crack any Word document in one day as a maximum. He said it was not a problem of password complexity: he knew how to strip Word protection away. As a proof, he took an old Word document and he was actually able to crack it in a few minutes.
I said he was only lucky and that I was ready to bet a non trivial sum of money that he would not be able to crack a Word document encrypted by me. He laughed out loud, he said I just wanted to lose money… but he did not accept my bet.
Then I sent the Word document encrypted by me to him anyway: he is still trying to crack it (a week is already passed… but I think the encryption will stand against his attacks for ten/fifteen years).
I told you this little story as a metaphor of how things really go when talking about encryption: it is almost always a matter of process, and not tools.
Word has an excellent encryption system, although it is limited by US key length limitation: if you just know how to do it, you can super-encrypt a Word document, and be sure that no-one (except, perhaps, CIA) will succeed in cracking it. The problem is that it is not easy to encrypt a Word document well: you must know a thing or two before doing it. Just pressing “Protect this document with a password” does not work (and makes people like my friend boast himself!)
The story has morale: market lack of tools that make serious encryption easily. That’s one of encryption software house missions: to produce easy to use, but serious encryption tools (such as Folder Crypt).
Secondarily, that it is often heard of people cracking programs, software barriers, ciphered documents and this makes the casual Internet user think that no real security is possible on Internet. Again, this happens because encryption processes and policies are often weak, when not at all bugged.
On the contrary, data encrypted following secure processes and using encryption standard tools remain secret.
Oh, by the way: to safely encrypt a Word document just follow these steps:
1. Start Word.
2. Select File | Save as.
3. Select the Tools extended menu option.
4. Select Security Options from the drop-down list.
5. Click the Advanced button.
6. From the Encryption Type dialog, copy the name of the encryption type name and encryption algorithm from the Choose an encryption type list.
7. RC4, Microsoft enhanced RSA and AES Cryptographic provider
8. Set maximum key length to 128