|
How Safe is the Excel Password functionality?
I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help to develop depends on excel file passwords to protect sensitive information and code. What's the nature of the vulnerability? Has anyone found a work around yet? - Rm |
How Safe is the Excel Password functionality?
Highly vulnerable.
Sensitive information should be placed in perhaps a compiled dll. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... I have noticed a lot of tools on the web that claim to be able to "crack" passwords to excel and other office tools. Parts of the system that I help to develop depends on excel file passwords to protect sensitive information and code. What's the nature of the vulnerability? Has anyone found a work around yet? - Rm |
How Safe is the Excel Password functionality?
What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the password with brute force? Is there some Microsoft explaination of how this happend, I need to know so that I can put a proposal together. thanks for you help, - Rm "Tom Ogilvy" wrote: Highly vulnerable. Sensitive information should be placed in perhaps a compiled dll. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... I have noticed a lot of tools on the web that claim to be able to "crack" passwords to excel and other office tools. Parts of the system that I help to develop depends on excel file passwords to protect sensitive information and code. What's the nature of the vulnerability? Has anyone found a work around yet? - Rm |
How Safe is the Excel Password functionality?
The problem is that password protection is to provide assistance in keeping
a worksheet from getting messed up or to prevent the user from adding, deleting or unhiding sheets - but more as a convenience than to offer any real protection. You can get code here for free that will quickly defeat both of these levels of protection. See a description of this protection at http://www.mcgimpsey.com/excel/removepwords.html File protection can be hacked with a commercial product such as that at http://www.lostpassword.com. Same for VBA. Of course file level protection is useless in your case because you have to let the user have access to the workbook. then you are back to sheet and book level protection. If you look at the lostpassword site, you will see they have products for almost all office applications. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... What's the nature of the problem? Is it just that there is no limit to the number of attempts that you can have at the password? ie. break the password with brute force? Is there some Microsoft explaination of how this happend, I need to know so that I can put a proposal together. thanks for you help, - Rm "Tom Ogilvy" wrote: Highly vulnerable. Sensitive information should be placed in perhaps a compiled dll. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... I have noticed a lot of tools on the web that claim to be able to "crack" passwords to excel and other office tools. Parts of the system that I help to develop depends on excel file passwords to protect sensitive information and code. What's the nature of the vulnerability? Has anyone found a work around yet? - Rm |
How Safe is the Excel Password functionality?
Wow! Okay, um, don't tell my users. It looks like I've got some work to do.
thanks again, - Rm "Tom Ogilvy" wrote: The problem is that password protection is to provide assistance in keeping a worksheet from getting messed up or to prevent the user from adding, deleting or unhiding sheets - but more as a convenience than to offer any real protection. You can get code here for free that will quickly defeat both of these levels of protection. See a description of this protection at http://www.mcgimpsey.com/excel/removepwords.html File protection can be hacked with a commercial product such as that at http://www.lostpassword.com. Same for VBA. Of course file level protection is useless in your case because you have to let the user have access to the workbook. then you are back to sheet and book level protection. If you look at the lostpassword site, you will see they have products for almost all office applications. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... What's the nature of the problem? Is it just that there is no limit to the number of attempts that you can have at the password? ie. break the password with brute force? Is there some Microsoft explaination of how this happend, I need to know so that I can put a proposal together. thanks for you help, - Rm "Tom Ogilvy" wrote: Highly vulnerable. Sensitive information should be placed in perhaps a compiled dll. -- Regards, Tom Ogilvy "Robert Mulroney" '''' wrote in message ... I have noticed a lot of tools on the web that claim to be able to "crack" passwords to excel and other office tools. Parts of the system that I help to develop depends on excel file passwords to protect sensitive information and code. What's the nature of the vulnerability? Has anyone found a work around yet? - Rm |
| All times are GMT +1. The time now is 03:21 AM. |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
ExcelBanter.com