Topic: Saving private key in MS Word (Read 1567 times)

Not the best idea for saving private keys.

Im a bit lost, can someone break this down for me. lol.

Okay so, here's an idea. Let me know your opinions.

I create a live disk of Windows on an offline/virus-free computer using WinPE:
http://en.wikipedia.org/wiki/Windows_Preinstallation_Environment
http://en.wikipedia.org/wiki/List_of_live_CDs#Microsoft_Windows-based

I boot up the live disk (without connecting to the internet) and install Office on it, paste in the private key, add a password, save the file. Then move the encrypted word file onto a flash drive
Since everything is done in Random-access instead of Read-only, there are no traces left after I power off the computer

I can't think of the names of them right now for some annoying reason but there are a few programs out there that are supposed to provide very secure storage of passwords, could something like that be used to store your private keys as well?

And that's what I get for not reading the article properly!
I feel really stupid right now...

This article is absolutely pointless. Yes, it's possible to remove "read only" marks from "protected" office document in no time but simply because without "open" password the contents of document is fully accessible and you don't even need any special program to edit XML file within ZIP file (which is in fact DOCX document's internal structure is) removing "read only" tag.

But if "password to open" is set the only way to break the protection is to get original password. And once it's complex enough (anybody around still using "password" as password? Really?) there no chances to crack it even with cloud of GPUs. I'm honestly have no idea how quote "At the moment, cloud computing facilities are capable of unlocking as many as ca. 80% of the files saved in the Office 2007–2010 format." got into wiki (linked by topic starter) but it's at least misleading.

Office 2007 using 50000xSHA1 iterations for key derivation and AES for encryption. Office 2010 using 100000xSHA1 (and making possible to use 128/192/256-bit AES keys). Office 2013 using 100000xSHA512 iterations (and still AES). What this means? Simple. You can brute-force about 40K passwords per second (http://golubev.com/gpuest.htm) with AMD 7970 for Office 2007 document and only about 1100 p/s with the same GPU for Office 2013 one (measured with http://passwordrecoverytools.com/office-password.asp). The difference is only 36x which means that adding one symbol (from smalls+digits charset) to password for Office 2007 making it "the same" in "crackable" terms as Office 2013 password. There no backdoors there -- brute-forcing the password (even with some smart mutations/dictionary based attacks) is the only option.

Or, in other words, weak password will be cracked no matter what version of Office you've used while even Office 2007 protection is enough if your password is really good. Office versions prior to 2007 is different story and you should not use them at all. Actually saving document with Office 2013 in "Office 97-2000 compatible" mode with password effectively means you're saving document with protection which will be cracked in seconds with rainbow tables.

Anyway, you can use RAR 3.x-5.x or 7zip archives for the same purpose. Protection there is as strong as password you've choose. No backdoors there and brute-forcing speed is really low too.


Another thing is that if you're using system without full disk encryption it's possible to find encryption keys used with Office 2013 document within swap file or hibernate image and get access to protected document. If somebody got access to your computer. Actually it's simply possible to undelete the file which was extracted from protected archive/document to temporary file. Also during editing process Office can save temporary files anywhere it wants, no guarantee at all.

So if you're paranoid enough you will be using full disk encryption (TrueCrypt is obvious choice). Of course back up-ing all important information on (several, independent) external HDD/DVD-RWs as encrypted volumes (also TrueCrypt here is obvious choice).

Actually it doesn't use PBKDF2 -- it simply reapplying SHA512 in a way like:
but everything else is quite right .

That article missed the point when it was written and time didn't make it any better.  Using the logic of the author, Bitcoin wallets are insecure because software exists to attempt to recover the wallet passphrase. Office 2013 uses AES 256 with 64 bit salt and the key derived using 100,000 spins of SHA-512PBKDGF2 using SHA-256.  That is nearly identical very similar in strength to the system used by Bitcoin Core client to encrypt private keys.  Can passwords be attacked by dictionary or premutation attack if the password is weak or short?  Sure and the exactly same password on the Bitcoin wallet (or truecrypt, or lastpass, or anywhere) would fail as well.   That is what password recovery software does.  It attempts to find the password by checking dictionaries, or using part of a known password, or trying permutations.  If the password is weak and you have enough computing power, you may find it, if it is strong you won't.

To the OP though I wouldn't use word unless for some reason you had no other options because simpler is usually better.  Why not just backup the wallet.dat or print a paper wallet (encryption optional)?

I would encrypt it using other methods. Read this:
http://searchenterprisedesktop.techtarget.com/tip/Microsoft-Office-2013-crackable-so-look-to-Office-password-recovery
But Microsoft has maybe done something about that issue during the last 1 and a half years, I don't know, I don't use Office.
I'd stick with some trusted open-source encryption software anyway.

If you boot from a ubuntu live disk and do something like back up your wallet or copy your keys down you really will be fine.

why dont u create a cold wallet with a external hard drive but make sure you use linux to do so, as your Pc can be already compromised with malware.  This is the best way I know I can think of keeping your btc secured. 

It's good to be safe and secure but sometimes I think people go over the top. If you use a clean computer and back up your wallet or save your private key on a pass-word protected document and store it safely you'll probably be fine. I don't think you need to rar it then encrypt it then encrypt it again and store it in a safe within a safe lol. It just seems overkill.

I think most people do not backup their private keys at all. They keep their coins at blockchain wallet and forget about it. Those who use bitcoin clients with wallet files would copy their encrypted wallet files on to usb flash drives or somewhere on their harddisk. Electrum users would surely write their seeds down on paper. Quite a few will have paper wallets.

Probably not that many users would save keys in plain text format.

I am actually curious about how people really store their private keys. I have read several people saying stuff that indicates that they keep digital copies (not just written down or memorized.) But then other people are all like OMG OMG OMG no you can't do that it's not secure! You need to like, make a special file and then encrypt it and then double encrypt it and then copy it on a USB drive and seal it in a capsule and swallow it and poop it out and re-eat it every day just to be safe.

But realistically I doubt most people, except the very very select few super ultra obsessed geek nerd kings are going to such lengths.

This is a hare-brained idea
Private keys are life - do you really wanna trust a MS product?!!

I don't think that is a good choice.

In the old days (10 years ago) it was easy to crack word/excel files.  I did it all the time for employee files using simple hacker tools.  More advanced tools were also easily purchased from sites like www.lostpassword.com.  (And we did occasionally purchase commercial cracking tools). But as the OP stated, word/excel has upped the encryption so I am sure it is more difficult.  I haven't really kept up on the tools or encryption hacks to know how feasible it is to crack current word/excel files.  But even back then it sometimes would take days to brute force a password.

Nonsense.  If you want we can each put 1 BTC into escrow. i will give you a word file, you hack it, or have someone hack it within 5 days (more than your 5 minutes) and you win, otherwise I win once I provide passphrase to escrow so they can verify the file can be decrypted without issue given the correct passphrase.

Game?

It's not ideal, but it's not terrible either, providing you don't keep it on a computer and save it offline. Create it on a safe and offline computer and keep it on a USB and/or CD-R etc.

A decent hacker can crack the password of any encrypted MS Word / MS Excel file in less than 5 minutes. This is one of the worst ideas I have ever heard here in Bitcointalk. 

Why not save it in text file and use encryption like Axcrypt instead?