<p>In addition to a host of improvements and other changes, Microsoft beefed up the encryption scheme used to secure users' data in Office 2013. With Office 2010, Microsoft used an SHA-1 class algorithm with a 128-bit key to encrypt plain-text password-protected documents. With Office 2013, though, Microsoft has moved to a technically more secure SHA-2 class SHA512 algorithm to calculate the hash values for the encryption keys, but it appears even that wasn't enough. ElcomSoft, a privately owned company headquartered in Moscow, has announced that it has already developed tools to crack Microsoft's latest protection schemes. Shocking, I know.</p><p>A post on the ElcomSoft Advance Password Cracking blog claims that the company's Advanced Office Password Recovery and Distributed Password Recovery tools now have the ability to crack Office 2013 plain text passwords, just weeks before the productivity suite's official release. The post isn't very detailed and doesn't explain exactly how ElcomSoft pulled it off, but it does say that it is not strictly a brute force method. In fact, ElcomSoft claims that brute force attacks on Office 2013's encryption scheme are virtually useless.</p><p>According to the blog post,"brute-forcing SHA512 hashes with 256-bit encryption key is a dead end," presumably due to the immense amount of time it would take to crack the 64-bit words used by SHA-512. "Smart password attacks are pretty much the only way to go with Office 2013."</p><p>ElcomSoft's Advanced Office and Distributed Password Recovery tools can already crack Office 2013 passwords. (Image source: ElcomSoft)</p><p><a href="http://www.networkworld.com/community/node/81529">Keep reading...</a></p>