Hi Jeurg,
Password-Protected sections are each encrypted with a random Triple DES key (of 168 bits). The actual encryption is implemented via the Windows CAPI using the Microsoft Strong Cryptographic Service Provider.
Security is always a relative measure, and it?s important to remember the tradeoffs involved in any encryption scheme. In particular, Password-Protected sections in OneNote have the following benefits:
? Your data is protected on disk (ie, from laptop thieves).
? As each section has its own password, your data security isn't compromised when your Windows password is compromised or shared.
? OneNote will unload sensitive data when not in use to prevent opportunistic security breaches (ie, leave your office without locking your computer) and as a measure of privacy (ie, when you Alt-Tab back to OneNote after having been active in another application for a while, your protected content will be locked).
? Lastly, as the data is encrypted on disk, access to shared sections across UNC shares will also be encrypted.
That being said, OneNote will not protect your data from a malicious system administrator -- although admittedly, few programs do. And since it's a password protection scheme, the strength of the protection is directly tied to the strength of your password. (IE, don't encrypt your data with short dictionary words.)
Hope this helps,
Donovan Lange
Developer
Microsoft Office OneNote
-----------------------------------------------
From: Juerg Herren
Posted At: Sunday, June 20, 2004 10:57 AM
Posted To: microsoft.public.onenote
Conversation: Password and encryption
Subject: Password and encryption
nntp://msnews.microsoft.com/microsoft.public.onenote/
How safe is it to store sensitive data (e.g. credit card numbers etc.)
in a password protected section of OneNote? Are password protected
sections encrypted, and if so, what kind of encryption is it?
Thanks!
Juerg
