Does a complex Excel VBA Password provide additional security

A

alan57

I'm trying to maximize my excel addin security. My research indicates an
Excel 2003 VBA password may be a max of 32 characters and the password may
include letters (not sure if upper and lower case are considered different),
numbers, keyboard special characters and spaces.

Does a complex excel VBA password (i.e. 32 char long and many types of char)
provide more security against the password recovery tools?

I thought the recovery tools have different algorithms.
- One algorithm is a brute force match which may take a long time (days or
weeks ?) to match a complex password.
- Another algorithm is to remove the password and replace it with something
else. A complex password would have limited value in this algorithm. I
would also expect this recovery tool to succeed or fail quickly.

Please provide any other suggestions you may have for improving an addin
security.

thanks.
 
N

NickHK

Excel does not store the password as text, but a hashed value. As such a
complex password would make it more difficult for a brute force attack, but
no effect on the replace method.
Having said that, the WB/WS protection can be easily broken irrespective of
the initial password text used, basically with a brute force method.
VBA passwords are more difficult, but not much

http://www.mcgimpsey.com/excel/fileandvbapwords.html

There are various tools to obfuscate your VBA code also, if you feel it
worthwhile.
Using a compiled method would render the code much more difficult to
understand, if VB6 but not the .Net variety AFAIK.

NickHK
 
J

Jim Cone

Locks only keep the honest people out.
The vba password can be bypassed, so don't worry about the length.
You might consider paying one of the established contributors in
this programming group to convert your add-in to a com add-in.
That would be pretty good security.
However, I believe then the add-in would not work on XL 97.
No, I don't do that type of work.
--
Jim Cone
San Francisco, USA
http://www.realezsites.com/bus/primitivesoftware



"alan57" <[email protected]>
wrote in message

I'm trying to maximize my excel addin security. My research indicates an
Excel 2003 VBA password may be a max of 32 characters and the password may
include letters (not sure if upper and lower case are considered different),
numbers, keyboard special characters and spaces.

Does a complex excel VBA password (i.e. 32 char long and many types of char)
provide more security against the password recovery tools?

I thought the recovery tools have different algorithms.
- One algorithm is a brute force match which may take a long time (days or
weeks ?) to match a complex password.
- Another algorithm is to remove the password and replace it with something
else. A complex password would have limited value in this algorithm. I
would also expect this recovery tool to succeed or fail quickly.

Please provide any other suggestions you may have for improving an addin
security.

thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top