Can anyone enlighten me on the subject of Excel security? Does the Microsoft
Strong Cryptographic Provider provide a reasonable level of security given a
randomly generated 12 char password (including non-alphanumeric chars)? Is
the only method of attack Brute Force?
Also, does internet explorer share the same underlying dll's when encrypting
data for an SSL session.
Any info would be very much appreciated.
from a none expert point of view :
Just make a google search
Made one on ms "Access security" to compare.
First hit, an author explains in a book how to secure access
Second hit, Get/crack all PW instanteneously from Access.
It is like the size of the safe ....
Regards
Jean-Yves
Jim Bennett" <[email protected]> wrote in message
news:[email protected]...
> Can anyone enlighten me on the subject of Excel security? Does the
> Microsoft
> Strong Cryptographic Provider provide a reasonable level of security given
> a
> randomly generated 12 char password (including non-alphanumeric chars)? Is
> the only method of attack Brute Force?
> Also, does internet explorer share the same underlying dll's when
> encrypting
> data for an SSL session.
>
> Any info would be very much appreciated.
Thanks for the reply JY.
I searched google quite a bit but was unable to get a definitive answer. It
seems like every password cracker out there claims to be able to break the
Microsoft Strong Crypto but are they employing dictionary and brute force
attacks? If I generate a truly random key of say 12 char or longer will the
resulting excel file be too difficult to crack in a reasonable time period?
I did read about the "flaw" found in MS-Office encryption but it seems to
require slightly different versions of the same file encrypted with the same
password to be able to cryptoanalyze it.
This lead me to ask the question "How does Internet Explorer encrypt data
when connecting to a secure website using SSL?" Does it also use the same
crypto dll's that Office uses? Is it any safer?
"Jean-Yves" wrote:
> from a none expert point of view :
> Just make a google search
> Made one on ms "Access security" to compare.
> First hit, an author explains in a book how to secure access
> Second hit, Get/crack all PW instanteneously from Access.
> It is like the size of the safe ....
> Regards
> Jean-Yves
>
>
> Jim Bennett" <[email protected]> wrote in message
> news:[email protected]...
> > Can anyone enlighten me on the subject of Excel security? Does the
> > Microsoft
> > Strong Cryptographic Provider provide a reasonable level of security given
> > a
> > randomly generated 12 char password (including non-alphanumeric chars)? Is
> > the only method of attack Brute Force?
> > Also, does internet explorer share the same underlying dll's when
> > encrypting
> > data for an SSL session.
> >
> > Any info would be very much appreciated.
>
>
>
Excel passwords are not too difficult to break, if you know how. I wouldn't
rely on the protection.
--
Don Guillett
SalesAid Software
[email protected]
"Jim Bennett" <[email protected]> wrote in message
news:[email protected]...
> Can anyone enlighten me on the subject of Excel security? Does the
> Microsoft
> Strong Cryptographic Provider provide a reasonable level of security given
> a
> randomly generated 12 char password (including non-alphanumeric chars)? Is
> the only method of attack Brute Force?
> Also, does internet explorer share the same underlying dll's when
> encrypting
> data for an SSL session.
>
> Any info would be very much appreciated.
Hi Jim,
Just to give you an idea how some works.
Create a new Wb, with your own PW. Run the utility to crack PW.
The Wb you want to crack now has the PW of your new Wb .....
This only difference is if you want just to open or just have the PW.
Some utilities are even free, other you have to by or send the the file.
Another example. In word, protect the content with PW.
Save in html. Reopen in word, resave as Word : the PW is gone !
Note that with earlier version of word, the PW could be found in the HTML
source code.
For security, the more you want the better the application must be.
I have a user ID and PW to access an Oracle DB. If I access/identify via
the Oracle GUI,
a second layer will give the rights I need. If I access via ADO, I only get
readOnly mode.
Regards
Jean-Yyves Tfelt
"Jim Bennett" <[email protected]> wrote in message
news:[email protected]...
> Thanks for the reply JY.
> I searched google quite a bit but was unable to get a definitive answer.
> It
> seems like every password cracker out there claims to be able to break the
> Microsoft Strong Crypto but are they employing dictionary and brute force
> attacks? If I generate a truly random key of say 12 char or longer will
> the
> resulting excel file be too difficult to crack in a reasonable time
> period?
> I did read about the "flaw" found in MS-Office encryption but it seems to
> require slightly different versions of the same file encrypted with the
> same
> password to be able to cryptoanalyze it.
> This lead me to ask the question "How does Internet Explorer encrypt data
> when connecting to a secure website using SSL?" Does it also use the same
> crypto dll's that Office uses? Is it any safer?
>
>
> "Jean-Yves" wrote:
>
>> from a none expert point of view :
>> Just make a google search
>> Made one on ms "Access security" to compare.
>> First hit, an author explains in a book how to secure access
>> Second hit, Get/crack all PW instanteneously from Access.
>> It is like the size of the safe ....
>> Regards
>> Jean-Yves
>>
>>
>> Jim Bennett" <[email protected]> wrote in message
>> news:[email protected]...
>> > Can anyone enlighten me on the subject of Excel security? Does the
>> > Microsoft
>> > Strong Cryptographic Provider provide a reasonable level of security
>> > given
>> > a
>> > randomly generated 12 char password (including non-alphanumeric chars)?
>> > Is
>> > the only method of attack Brute Force?
>> > Also, does internet explorer share the same underlying dll's when
>> > encrypting
>> > data for an SSL session.
>> >
>> > Any info would be very much appreciated.
>>
>>
>>
Don, could you be a little more specific? Given the crtieria I have mentioned
how would you go about it?
It is my understanding that if you use say the "RC4, Microsoft Enhanced RSA
and AES Cryptographic Provider" algorithm it would be very difficult to
crack. I am not talking about the Office 97/2000 Compatible encryption.
Are there known exploits that I am not aware of?
Thanks.
"Don Guillett" wrote:
> Excel passwords are not too difficult to break, if you know how. I wouldn't
> rely on the protection.
>
> --
> Don Guillett
> SalesAid Software
> [email protected]
> "Jim Bennett" <[email protected]> wrote in message
> news:[email protected]...
> > Can anyone enlighten me on the subject of Excel security? Does the
> > Microsoft
> > Strong Cryptographic Provider provide a reasonable level of security given
> > a
> > randomly generated 12 char password (including non-alphanumeric chars)? Is
> > the only method of attack Brute Force?
> > Also, does internet explorer share the same underlying dll's when
> > encrypting
> > data for an SSL session.
> >
> > Any info would be very much appreciated.
>
>
>
Sorry, not familiar with this
--
Don Guillett
SalesAid Software
[email protected]
"Jim Bennett" <[email protected]> wrote in message
news:[email protected]...
> Don, could you be a little more specific? Given the crtieria I have
> mentioned
> how would you go about it?
> It is my understanding that if you use say the "RC4, Microsoft Enhanced
> RSA
> and AES Cryptographic Provider" algorithm it would be very difficult to
> crack. I am not talking about the Office 97/2000 Compatible encryption.
> Are there known exploits that I am not aware of?
>
> Thanks.
>
> "Don Guillett" wrote:
>
>> Excel passwords are not too difficult to break, if you know how. I
>> wouldn't
>> rely on the protection.
>>
>> --
>> Don Guillett
>> SalesAid Software
>> [email protected]
>> "Jim Bennett" <[email protected]> wrote in message
>> news:[email protected]...
>> > Can anyone enlighten me on the subject of Excel security? Does the
>> > Microsoft
>> > Strong Cryptographic Provider provide a reasonable level of security
>> > given
>> > a
>> > randomly generated 12 char password (including non-alphanumeric chars)?
>> > Is
>> > the only method of attack Brute Force?
>> > Also, does internet explorer share the same underlying dll's when
>> > encrypting
>> > data for an SSL session.
>> >
>> > Any info would be very much appreciated.
>>
>>
>>
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Register To Reply
Bookmarks