FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher

Microsoft Office 365 Message Encryption claims to offer a way "to send and receive encrypted email messages between people inside and outside your organization." And according to WithSecure, it's not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure for data with repeating …

  1. Alan J. Wylie

    The "ECB penguin"

    In the case of an image where pixels of the same color get represented by the same plaintext, the corresponding ciphertext is also the same for like pixels, which makes the image visible through the ciphertext.

    The canonical example can be found here: https://words.filippo.io/the-ecb-penguin/

    1. Brad Ackerman

      Re: The "ECB penguin"

      That's why ECB stands for "Electronic Colouring Book".

    2. Anonymous Coward

      Re: The "ECB penguin"

      "The canonical example can be found here: https://words.filippo.io/the-ecb-penguin/"

      Nice one. In the early 90s, I remember reading (first version of "Applied Cryptography" by Bruce Schneier, a top book I have to say) that ECB was totally insecure and CBC and CFB are to be preferred.

      So, this is hardly breaking news.

      Why MS ever devised an ECB-based algorithm post-1990 is beyond me!
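The property the "ECB penguin" comments above describe (identical plaintext blocks produce identical ciphertext blocks, which chaining modes such as CBC avoid), as an added example that is not part of the original thread. It assumes a toy Feistel block cipher built from HMAC-SHA256 as a stand-in for AES so that it runs on the Python standard library alone; the key, IV and sample data are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per block, the same size as an AES block

def _f(key, i, half):
    # Feistel round function: keyed hash of round number and half-block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # Toy 4-round Feistel permutation standing in for AES (illustration only)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # ECB: every block is encrypted independently under the same key
    return b"".join(toy_encrypt_block(key, b) for b in split_blocks(plaintext))

def cbc_encrypt(key, iv, plaintext):
    # CBC: each block is XORed with the previous ciphertext block first
    out, prev = [], iv
    for b in split_blocks(plaintext):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def repeated_block_ratio(ciphertext):
    # Fraction of ciphertext blocks whose value occurs more than once
    blocks = split_blocks(ciphertext)
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)

# Constructed sample: 40 white blocks, 20 black blocks, 4 blocks of varied detail
SAMPLE = b"\xff" * (40 * BLOCK) + b"\x00" * (20 * BLOCK) + bytes(range(64))
KEY, IV = b"constructed demo key", bytes(range(100, 116))  # fixed for repeatability

def demo():
    ecb = repeated_block_ratio(ecb_encrypt(KEY, SAMPLE))
    cbc = repeated_block_ratio(cbc_encrypt(KEY, IV, SAMPLE))
    return ecb, cbc
```

`demo()` returns the repeated-block ratio for each mode; a high ratio in stored or transmitted ciphertext is a practical sign that ECB is in use.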

  2. Anonymous Coward

    M$ logic

    Update the cipher to AES, breaking compatibility with earlier clients, but leave the protocol in ECB mode?

    I call bullshit. That's a mistake, not a compatibility choice. They are probably gaslighting people because they realized that was just the tip of the iceberg and the whole feature was going to have to be nuked from orbit and rebuilt from scratch.

  3. sarusa Silver badge

    Luckily

    Luckily, I already assumed that!

    1. Blazde Silver badge

      Re: Luckily

      Unluckily, the person sending you encrypted email didn't assume that.

  4. Bebu Silver badge

    Cryptography 101

    Not part of the curriculum at the Microsoft University I suppose.

  5. Anonymous Coward

    This solution has been mentioned before.....

    ....some groups of us use private encryption BEFORE our messages enter any public channel.....

    ....Diffie/Hellman, 8192 bit primes, multiple encryption passes....and so on.....

    For example:

    TFTFY!!!!

    1. Michael Wojcik Silver badge

      Re: This solution has been mentioned before.....

      This AC has to be the least interesting of the Reg's resident kooks. 8Kb ECC keys? Sigh. Must try harder.

  6. Crypto Monad Silver badge

    If it's not proper encryption, then don't call the feature "Message Encryption".

    Call it "Message Obfuscation" or something like that.

    It is perfectly reasonable (IMO) for a regular end-user confronted with a feature called "Microsoft Office 365 Message Encryption", to assume that it does actually encrypt your message, into a form that's not trivially decryptable.

    1. razorfishsl

      it's enough for the plebs....

      We were audited for accounts, during that time I had to sit and listen about being audited for IT,

      Specifically being told that a Data center is actually the cloud.

      Then watching them twist and turn when I called them out on it, only to be told by top management "it does not really matter"

      How the hell can anyone act as a "professional auditor" for IT, with this level of understanding?

  7. Not Yb Bronze badge

    Hold on, "the rights management feature is intended as a tool to prevent accidental misuse and is not a security boundary."

    Are you sure they're talking about the same "message encryption" as this article? Because that doesn't make much sense.

    Rights management and message encryption would generally be considered somewhat different parts of cryptography.

    Calling it a "rights management feature" seems to have missed the actual question.

  8. Anonymous Coward

    "Microsoft evidently does not consider this a problem"

    Well it wouldn't be so much of a problem if you disabled weak 'legacy' methods by default and forced the user to enable individual methods (rather than bulk 'all legacy') if they need to use those legacy methods.

    (once had a pen tester suggest disabling some of the weak SSH encryption methods on an old router, only to discover they were the only ones available.. time for a router upgrade!)
