Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
DiscussionsAccessExcelInfoPathOutlookPowerPointPublisherWord
DirectoryUser Groups
Related Topics
Outlook ExpressInternet ExplorerWindowsMS Server ProductsMore Topics ...
MS Office Forum / Excel / Programming / January 2006

Tip: Looking for answers? Try searching our database.

How Safe is the Excel Password functionality?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Robert Mulroney - 23 Jan 2006 01:30 GMT
I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help to
develop depends on excel file passwords to protect sensitive information and
code. What's the nature of the vulnerability? Has anyone found a work around
yet?

- Rm
Reply to this Message
Tom Ogilvy - 23 Jan 2006 02:27 GMT
Highly vulnerable.

Sensitive information should be placed in perhaps a compiled dll.

Signature

Regards,
Tom Ogilvy

> I have noticed a lot of tools on the web that claim to be able to "crack"
> passwords to excel and other office tools. Parts of the system that I help to
[quoted text clipped - 3 lines]
>
>  - Rm
Reply to this Message
Robert Mulroney - 23 Jan 2006 02:43 GMT
What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the password
with brute force?

Is there some Microsoft explaination of how this happend, I need to know so
that I can put a proposal together.

thanks for you help,

- Rm

> Highly vulnerable.
>
[quoted text clipped - 10 lines]
> >
> >  - Rm
Reply to this Message
Tom Ogilvy - 23 Jan 2006 03:13 GMT
The problem is that password protection is to provide assistance in keeping
a worksheet from getting messed up or to prevent the user from adding,
deleting or unhiding sheets - but more as a convenience than to offer any
real protection.  You can get code here for free that will quickly defeat
both of these levels of protection.

See a description of this protection at
http://www.mcgimpsey.com/excel/removepwords.html

File protection can be hacked with a commercial product such as that at
http://www.lostpassword.com.  Same for VBA.  Of course file level protection
is useless in your case because you have to let the user have access to the
workbook.  then you are back to sheet and book level protection.

If you look at the lostpassword site, you will see they have products for
almost all office applications.

Signature

Regards,
Tom Ogilvy

> What's the nature of the problem? Is it just that there is no limit to the
> number of attempts that you can have at the password? ie. break the password
[quoted text clipped - 21 lines]
> > >
> > >  - Rm
Reply to this Message
Robert Mulroney - 23 Jan 2006 03:36 GMT
Wow! Okay, um, don't tell my users. It looks like I've got some work to do.

thanks again,

- Rm

> The problem is that password protection is to provide assistance in keeping
> a worksheet from getting messed up or to prevent the user from adding,
[quoted text clipped - 43 lines]
> > > >
> > > >  - Rm
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.