Password Strength

[Geoff]

Can anyone provide informed advice on just how "strong" the password
protection in OneNote 2007 is? Eg. is an 8-10 char string crackable with
readily available tools? thanks.

 

[Ilya Koulchin]

Can anyone provide informed advice on just how "strong" the password
protection in OneNote 2007 is? Eg. is an 8-10 char string crackable with
readily available tools? thanks.

The password protection is cryptographically secure, meaning that it is
generally more trouble than it's worth to extract the data using
cryptographic methods without knowing the password. However, as with all
password-based systems, OneNote is vulnerable to brute-force attacks
against the password. As such, the password protection is only as secure
as your password. For instance, a password that is a dictionary word in
all lowercase letters should by no means be considered secure (crackable
within hours to days), while an 8 character password that contains a mix
of letters, numbers, and symbols will provide much greater security
(back to approaching "more trouble than it's worth" threshold).

Also note that there is no way of retrieving your password from the
locked section - so if you forget your password, there's no way to get
at your data.

Ilya

 

[Ben M. Schorr, MVP]

In addition to what Ilya said please understand that password length is more
important than password complexity. Unless you tell the attacker what your
pass phrase is a phrase like: "This is my pass phrase" is actually quite
solid -- it's 22 characters long and multiple words. Nobody will
brute-force break that pass phrase in your lifetime with currently available
technology.