Is Excel Security worth anything?

J

Jim Bennett

Can anyone enlighten me on the subject of Excel security? Does the Microsoft
Strong Cryptographic Provider provide a reasonable level of security given a
randomly generated 12 char password (including non-alphanumeric chars)? Is
the only method of attack Brute Force?
Also, does internet explorer share the same underlying dll's when encrypting
data for an SSL session.

Any info would be very much appreciated.
 
J

Jean-Yves

from a none expert point of view :
Just make a google search
Made one on ms "Access security" to compare.
First hit, an author explains in a book how to secure access
Second hit, Get/crack all PW instanteneously from Access.
It is like the size of the safe ....
Regards
Jean-Yves
 
J

Jim Bennett

Thanks for the reply JY.
I searched google quite a bit but was unable to get a definitive answer. It
seems like every password cracker out there claims to be able to break the
Microsoft Strong Crypto but are they employing dictionary and brute force
attacks? If I generate a truly random key of say 12 char or longer will the
resulting excel file be too difficult to crack in a reasonable time period?
I did read about the "flaw" found in MS-Office encryption but it seems to
require slightly different versions of the same file encrypted with the same
password to be able to cryptoanalyze it.
This lead me to ask the question "How does Internet Explorer encrypt data
when connecting to a secure website using SSL?" Does it also use the same
crypto dll's that Office uses? Is it any safer?
 
D

Don Guillett

Excel passwords are not too difficult to break, if you know how. I wouldn't
rely on the protection.
 
J

Jean-Yves

Hi Jim,

Just to give you an idea how some works.
Create a new Wb, with your own PW. Run the utility to crack PW.
The Wb you want to crack now has the PW of your new Wb .....
This only difference is if you want just to open or just have the PW.
Some utilities are even free, other you have to by or send the the file.

Another example. In word, protect the content with PW.
Save in html. Reopen in word, resave as Word : the PW is gone !
Note that with earlier version of word, the PW could be found in the HTML
source code.
For security, the more you want the better the application must be.
I have a user ID and PW to access an Oracle DB. If I access/identify via
the Oracle GUI,
a second layer will give the rights I need. If I access via ADO, I only get
readOnly mode.

Regards

Jean-Yyves Tfelt
 
J

Jim Bennett

Don, could you be a little more specific? Given the crtieria I have mentioned
how would you go about it?
It is my understanding that if you use say the "RC4, Microsoft Enhanced RSA
and AES Cryptographic Provider" algorithm it would be very difficult to
crack. I am not talking about the Office 97/2000 Compatible encryption.
Are there known exploits that I am not aware of?

Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top