1
If I understand correctly, when we password protect an Office 2003 document, the passphrase is converted to a 40 bit key that's internally used to encrypt the document.
If so, is there any chance whereby two different passphrases result into the same 40 bit key?
Is Office 2003 susceptible to such a vulnerability when it comes to encryption?
It's altogether different story that today's high speed CPUs can brute force a 40 bit key in a finite time.
Thanks.
2
By the pigeonhole principle, if passphrases of (potentially and very likely) greater than 40 bits of entropy are hashed into a 40-bit value, collisions are inevitable. The more interesting question is how much effort is necessary to find such a collision?
– user4556274 – 2017-07-30T19:31:38.133"It's altogether different story that today's high speed CPUs can brute force a 40 bit key in a finite time." I don't agree. If the window is open, it makes no difference how secure the lock on the door is. – David Schwartz – 2017-07-30T20:38:57.960