Posted to microsoft.public.excel.programming
Excel security flaw

Snipped from Bruce Schneier's monthly CRYPTO-GRAM

"Microsoft RC4 Flaw

One of the most important rules of stream ciphers is to never use the
same keystream to encrypt two different documents. If someone does, you
can break the encryption by XORing the two ciphertext streams together.
The keystream drops out, and you end up with plaintext XORed with
plaintext -- and you can easily recover the two plaintexts using letter
frequency analysis and other basic techniques.

It's an amateur crypto mistake. The easy way to prevent this attack is
to use a unique initialization vector (IV) in addition to the key
whenever you encrypt a document.

Microsoft uses the RC4 stream cipher in both Word and Excel. And they
make this mistake. According to a paper by Hongjun Wu: "In this
report, we point out a serious security flaw in Microsoft Word and
Excel. The stream cipher RC4 [9] with key length up to 128 bits is used
in Microsoft Word and Excel to protect the documents. But when an
encrypted document gets modified and saved, the initialization vector
remains the same and thus the same keystream generated from RC4 is
applied to encrypt the different versions of that document. The
consequence is disastrous since a lot of information of the document
could be recovered easily."

This isn't new. Microsoft made the same mistake in 1999 with RC4 in
WinNT Syskey. Five years later, Microsoft has the same flaw in other
products.

The report (PDF):
<http://eprint.iacr.org/2005/007.pdf>"

The pdf file is interesting. Any comments?

/Fredrik

