I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help to
develop depends on excel file passwords to protect sensitive information and
code. What's the nature of the vulnerability? Has anyone found a work around
yet?

- Rm

Highly vulnerable.

Sensitive information should be placed in perhaps a compiled dll.

--
Regards,
Tom Ogilvy

"Robert Mulroney" '''' wrote in message
...
I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help
to
develop depends on excel file passwords to protect sensitive information
and
code. What's the nature of the vulnerability? Has anyone found a work
around
yet?

- Rm

What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the password
with brute force?

Is there some Microsoft explaination of how this happend, I need to know so
that I can put a proposal together.

thanks for you help,

- Rm

"Tom Ogilvy" wrote:

Highly vulnerable.

Sensitive information should be placed in perhaps a compiled dll.

--
Regards,
Tom Ogilvy

"Robert Mulroney" '''' wrote in message
...
I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help
to
develop depends on excel file passwords to protect sensitive information
and
code. What's the nature of the vulnerability? Has anyone found a work
around
yet?

- Rm

The problem is that password protection is to provide assistance in keeping
a worksheet from getting messed up or to prevent the user from adding,
deleting or unhiding sheets - but more as a convenience than to offer any
real protection. You can get code here for free that will quickly defeat
both of these levels of protection.

See a description of this protection at
http://www.mcgimpsey.com/excel/removepwords.html

File protection can be hacked with a commercial product such as that at
http://www.lostpassword.com. Same for VBA. Of course file level protection
is useless in your case because you have to let the user have access to the
workbook. then you are back to sheet and book level protection.

If you look at the lostpassword site, you will see they have products for
almost all office applications.

--
Regards,
Tom Ogilvy


"Robert Mulroney" '''' wrote in message
...
What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the
password
with brute force?

Is there some Microsoft explaination of how this happend, I need to know
so
that I can put a proposal together.

thanks for you help,

- Rm

"Tom Ogilvy" wrote:

Highly vulnerable.

Sensitive information should be placed in perhaps a compiled dll.

--
Regards,
Tom Ogilvy

"Robert Mulroney" '''' wrote in message
...
I have noticed a lot of tools on the web that claim to be able to
"crack"
passwords to excel and other office tools. Parts of the system that I
help
to
develop depends on excel file passwords to protect sensitive
information
and
code. What's the nature of the vulnerability? Has anyone found a work
around
yet?

- Rm

Wow! Okay, um, don't tell my users. It looks like I've got some work to do.

thanks again,

- Rm

"Tom Ogilvy" wrote:

The problem is that password protection is to provide assistance in keeping
a worksheet from getting messed up or to prevent the user from adding,
deleting or unhiding sheets - but more as a convenience than to offer any
real protection. You can get code here for free that will quickly defeat
both of these levels of protection.

See a description of this protection at
http://www.mcgimpsey.com/excel/removepwords.html

File protection can be hacked with a commercial product such as that at
http://www.lostpassword.com. Same for VBA. Of course file level protection
is useless in your case because you have to let the user have access to the
workbook. then you are back to sheet and book level protection.

If you look at the lostpassword site, you will see they have products for
almost all office applications.

--
Regards,
Tom Ogilvy


"Robert Mulroney" '''' wrote in message
...
What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the
password
with brute force?

Is there some Microsoft explaination of how this happend, I need to know
so
that I can put a proposal together.

thanks for you help,

- Rm

"Tom Ogilvy" wrote:

Highly vulnerable.

Sensitive information should be placed in perhaps a compiled dll.

--
Regards,
Tom Ogilvy

"Robert Mulroney" '''' wrote in message
...
I have noticed a lot of tools on the web that claim to be able to
"crack"
passwords to excel and other office tools. Parts of the system that I
help
to
develop depends on excel file passwords to protect sensitive
information
and
code. What's the nature of the vulnerability? Has anyone found a work
around
yet?

- Rm