Jump to Navigation

Password Section

Password Section

This sextion is found in documents that have been encrypted with a password. Its contents is not yet fully decoded. It is 29 bytes long.

Size Data Description

B Always A2 ?

W Always 01 00 ?

W Checksum ?

L ID Always 03 01 00 10 ?

20B Encrypted password

Presumably, the plaintext password is put through a (one-way?) hash function and the result is put in this section.

Encrypted Sections

If a file is encrypted by a password, only a few sections will actually be encrypted:

 Filetype  Section ID  Section Name

Word File 10000106 Text Section
Sheet File 1000011D
10000121 Sheet Graph List Section

Encryption Method

The plaintext is separated into blocks of 20 bytes. The last block is padded with bytes containing 30. Each block is encypted by adding a 20 byte long key. This key is somehow based on the plaintext password (probably through a similar, though different, hash function as that which is used to encrypt the password), and it is the same for each block.

The resulting encryption seems to be fairly weak. For a word file, for example, you can gather a lot of information from the other (unencrypted) sections; for a longer text, this is probably enough to break the encryption key, without ever needing the plaintext password! This could even be automated somewhat: if there is a Paragraph Element List, you know the length of each paragraph; you also know that (almost) all paragraphs end with a 06 byte.



Psifiles | by Dr. Radut