/[public]/psiconv/trunk/formats/psion/Password_Section.psi
ViewVC logotype

Diff of /psiconv/trunk/formats/psion/Password_Section.psi

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 149 Revision 150
17mU 17mUX  
2
3d"Times New RomanN1 2d"Times New RomanN1
4< *Koptekst 2L 3< *Koptekst 2L
5< *Koptekst 3L *OpsomtekenOSwissh3r h3r efdefLd.A[Password Section]Password SectionThis sextion is found in documents that have been encrypted with a password. Its contents is not yet fully decoded. It is 29 bytes long. Size Data Description B Always A2 ? W Always 01 00 ? W Checksum ? L ID Always 03 01 00 10 ? 20B Encrypted passwordPresumably, the plaintext password is put through a (one-way?) hash function and the result is put in this section.[Encrypted Sections]Encrypted SectionsIf a file is encrypted by a password, only a few sections will actually be encrypted: Filetype SectionID Section Name Word File 10000106 Text Section Sheet File 1000011D 10000121[Encryption Method]Encryption MethodThe plaintext is separated into blocks of 20 bytes. The last block is padded with bytes containing 30. Each block is encypted by adding a 20 byte long key. This key is somehow based on the plaintext password (probably through a similar, though different, hash function as that which is used to encrypt the password), and it is the same for each block. The resulting encryption seems to be fairly weak. For a word file, for example, you can gather a lot of information from the other (unencrypted) sections; for a longer text, this is probably enough to break the encryption key, without ever needing the plaintext password! This could even be automated somewhat: if there is a ParagraphElement List, you know the length of each paragraph; you also know that (almost) all paragraphs end with a 06 byte. " Courier New "Times New Roman " Courier New tV$&a @"Arial"Times New Roman " Courier New " Courier New "Times New Roman "Times New Roman " Courier New" " Courier New " Courier New "Times New Roman "Times New Roman"Word.app C"y 4< *Koptekst 3L *OpsomtekenOSwissh3r h3r efdefLd.A=[Password Section]Password SectionThis sextion is found in documents that have been encrypted with a password. Its contents is not yet fully decoded. It is 29 bytes long. Size Data Description B Always A2 ? W Always 01 00 ? W Checksum ? L ID Always 03 01 00 10 ? 20B Encrypted passwordPresumably, the plaintext password is put through a (one-way?) hash function and the result is put in this section.[Encrypted Sections]Encrypted SectionsIf a file is encrypted by a password, only a few sections will actually be encrypted: Filetype SectionID Section Name Word File 10000106 Text Section Sheet File 1000011D  10000121 Sheet Graph List Section[Encryption Method]Encryption MethodThe plaintext is separated into blocks of 20 bytes. The last block is padded with bytes containing 30. Each block is encypted by adding a 20 byte long key. This key is somehow based on the plaintext password (probably through a similar, though different, hash function as that which is used to encrypt the password), and it is the same for each block. The resulting encryption seems to be fairly weak. For a word file, for example, you can gather a lot of information from the other (unencrypted) sections; for a longer text, this is probably enough to break the encryption key, without ever needing the plaintext password! This could even be automated somewhat: if there is a ParagraphElement List, you know the length of each paragraph; you also know that (almost) all paragraphs end with a 06 byte. " Courier New "Times New Roman " Courier New tV$'*a @"Arial"Times New Roman " Courier New " Courier New "Times New Roman "Times New Roman " Courier New" " Courier New " Courier New " Courier New " Courier New " Courier New "Times New Roman "Times New Roman"Word.app C"yK
6

Legend:
Removed from v.149  
changed lines
  Added in v.150

frodo@frodo.looijaard.name
ViewVC Help
Powered by ViewVC 1.1.26