Can two passphrases result into same 40 bit encryption key - Office 2003

1

If I understand correctly, when we password protect an Office 2003 document, the passphrase is converted to a 40 bit key that's internally used to encrypt the document.

If so, is there any chance whereby two different passphrases result into the same 40 bit key?

Is Office 2003 susceptible to such a vulnerability when it comes to encryption?

It's altogether different story that today's high speed CPUs can brute force a 40 bit key in a finite time.

Thanks.

rajeev

Posted 2017-07-30T19:13:44.530

Reputation: 1 088

2

By the pigeonhole principle, if passphrases of (potentially and very likely) greater than 40 bits of entropy are hashed into a 40-bit value, collisions are inevitable. The more interesting question is how much effort is necessary to find such a collision?

– user4556274 – 2017-07-30T19:31:38.133

"It's altogether different story that today's high speed CPUs can brute force a 40 bit key in a finite time." I don't agree. If the window is open, it makes no difference how secure the lock on the door is. – David Schwartz – 2017-07-30T20:38:57.960

Answers

2

Roughly, you can expect one collision for every million passwords (see the wikipedia entry on the birthday problem for an explanation).

The rule of thumb is that there is about a 50% chance of collision for every 2n/2 repetitions, where n is the number of bits in the key.

teppic

Posted 2017-07-30T19:13:44.530

Reputation: 346

Asked: 2017-07-30T19:13:44.530

Viewed: 69 times

Active: 2017-07-30T20:36:42.207