Rainbow Method and Table creator Phillip Oechslin emailed me regarding my recent column on Rainbow tables. Here's his email. Hello Roger, I just saw your online article on CSO online in Australia. I thought you might interested to know that rainbow tables can also be used to crack office documents. The default encryption scheme of Word and Excel has the same default as Windows password hashes, it is predictible Rainbow Method and Table creator Phillip Oechslin emailed me regarding my recent column on Rainbow tables.Here’s his email.Hello Roger,I just saw your online article on CSO online in Australia. I thought you might interested to know that rainbow tables can also be used to crack office documents. The default encryption scheme of Word and Excel has the same default as Windows password hashes, it is predictible (there is no salt or randomness).We have a product that cracks a Word or Excel document in minutes, whatever the password (any length or complexity, since what we crack is not the password but the resulting 40 bit key that is used to encrypt the document). I could get you a evaluation version if you wanted to test (would have to send you a DVD with the 4GB of tables). Alternatively I could crack a few documents for you.There is info on this on our product page:https://www.objectif-securite.ch/en/products.phpWell and you write: “Rainbow tables are closely related to a cracking technique pioneered by Philippe Oechslin”.Actually rainbow tables have been invented by Philippe Oechslin. I should know. I coined the name rainbow table in my research paper presented at Crypto 2003.https://lasecwww.epfl.ch/pub/lasec/doc/Oech03.pdf BTW, we have a large article in the February issue of Hackin9(https://en.hakin9.org/) magazine about rainbow tables and how we optimize their implementation. regards, Philippe Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe