14 DAY TRIAL // The encryption improvements planned for Office 2007 Service Pack 2 will place the system on par with Office 14. According to Microsoft, following the implementation of SP2, Office 2007 will be able to play nice with documents encrypted using Office 14, the next iteration of the Office System. Aiming to make encryption “more agile,” Microsoft pointed out that the ECMA-376 Agile Encryption (according to MS-OFFCRYPTO) would sum up the substantial enhancements delivered with Service Pack 2.
“With the new encryption, we're introducing a bunch of very cool stuff: configurable symmetric encryption; cipher-block chaining (CBC or CFB); configurable hashing algorithms; support for block ciphers with block sizes from 2 to 4096 bytes; configurable salt, up to 64k bytes; iterated hashing of passwords up to 10 million iterations (default raised to 100,000); and integrity checking,” stated David LeBlanc, senior security technologist in Microsoft’s Information Technology Group.
LeBlanc revealed that Microsoft aimed to ensure that the evolution of the Office System would not break compatibility with encrypted documents. In this regard, the end goal was to take encryption to the next level, while continuing to permit Office 2007 to open documents from Office 16, for example. Still, with SP2, Microsoft does manage to enhance the protection level of encrypted documents. LeBlanc indicated that a brute force attack designed to deliver the password of an encrypted Office 2007 file could only amount to an insignificant 5000 cracks/sec.
“The reason we're shipping this in a service pack is that we'd like customers to be able to be Suite-B compliant using Office 2007 SP2, or use other private encryption mechanisms. The second reason is that we need Office 2007 SP2 users to be able to consume encrypted documents created by Office 14 when we ship it. We do have some more cool stuff we're working on and I'll [reveal] about that when we get closer to being able to release Office 14.”