@ fred, @ Luke M
Hi!
First, look at these links:
http://elcomsoft.com/aopr.html
http://elcomsoft.com/aopb.html
Even if certain 256-bit encryption schemes haven't yet been cracked (or have been, and we won't know for a couple of years), there are methods other than brute force to gain access to protected Office (Excel) files.
One thing is recovering/discovering a password, which, if long enough (16+ characters) and mixing subsets of the alphabet (lower, upper, numbers, symbols, non-printable), is said to be unbreakable, as it would take thousands of years (even with GPU processing and distributed computing)... and another thing is finding the resulting hash for that password. Why? Well, the combinations that have to be tested to find a password that uses every one of the 256 byte values are many orders of magnitude more than dealing with the old 32-bit, the recent 40-bit, or why not the 128- and 256-bit ciphers used (or that would be used) by Office products.
In plain English, many years ago Elcomsoft developed a brute-force attack based not on the possible combinations needed to retrieve the original password (let's say !"#$%&/()=?¿1234567890) but on the hash generated by that password (the same as is generated for the password the breaker provides, let's say aabbbccccddddd123). They bundled all those hashes on a 4Gb DVD, and... no matter how long and complicated the password you chose, they will almost always provide you with a different (so crack, not recover) easier password that generates the same hash string.
If that doesn't work, well, the password-recovery method is always available.
As Hui said, apart from nuclear weapon launch codes (which actually exist, I saw them in many movies) and my old phone & address & other stuff black book, I don't think anything truly deserves such protection.
Regards!
PS: And this is what we know, what "they" agree to sell widely, but... do you really think that governments (probably not in my country, Argentina, but in central countries for sure) are not a few steps ahead? If previous Office versions with 40-bit encryption are instantly broken, if the current 128-bit AES, SHA1 & CBC of the current 2010 version is publicly available for recovery in days (not even months or years)... don't you really suppose/guess that somewhere someone uses 1024-bit or 2048-bit or more, and that cracking 512-bit is almost immediate for them (them = an organization with an HPC supercomputer)?
PS2: That's why my old black book technique still remains enough for nuclear codes and certain phone numbers and names. Built-in custom algorithm + passphrase of up to 32Kb (not Kbit)... and if it doesn't match, you just get unreadable stuff. Frequency analysis masked, a manually retrieved byte for random encryption cycling/passes, which protects against automated attempts... But, as per Hui's concept, don't connect that machine to the internet, or the equivalent: don't use symmetrical pairs of public/private keys, just your one-way, simple and easy-to-remember passphrase.
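The point made above about attacking the derived key rather than the password is worth seeing in code: the effective strength of a password-protected file is the smaller of the password's entropy and the file format's key size, so a short key space means a different, shorter password can map to the same key no matter how long the original was. The toy below (an added example written for this thread, not Elcomsoft's tool or Office's real key derivation) uses a constructed key derivation that truncates SHA-1 to a small number of bits, and searches short lowercase strings for one that yields the same key as a long, complex password. The key size, alphabet and candidate length are assumptions chosen so the search finishes in about a second; the defensive takeaway is that only a format whose key is full-size (such as the 128-bit AES mentioned for Office 2007+) lets a long password actually buy you anything.

```python
import hashlib
import itertools
import math
import string

# Constructed toy key size. Legacy Office 97-2003 used 40-bit RC4 keys; a
# 14-bit key keeps the demonstration fast while showing the same effect.
KEY_BITS = 14


def derive_key(password: str, key_bits: int = KEY_BITS) -> int:
    """Toy key derivation (constructed, NOT Office's KDF): truncate SHA-1(password) to key_bits."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()  # 160-bit digest
    return int.from_bytes(digest, "big") >> (160 - key_bits)


def effective_security_bits(alphabet_size: int, length: int, key_bits: int) -> float:
    """Security is bounded by min(password entropy, key size): a long password
    cannot raise the cost above brute-forcing the key itself."""
    password_bits = length * math.log2(alphabet_size)
    return min(password_bits, key_bits)


def find_equivalent_password(target_key: int, original: str = None,
                             alphabet: str = string.ascii_lowercase,
                             max_len: int = 4, key_bits: int = KEY_BITS):
    """Search short candidate passwords for one whose derived key equals target_key.

    Returns (candidate, attempts). The candidate is a *different* password that
    opens the same file, i.e. the 'crack, not recover' result described above.
    """
    tried = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            tried += 1
            if candidate != original and derive_key(candidate, key_bits) == target_key:
                return candidate, tried
    return None, tried


if __name__ == "__main__":
    # A 16-character password over a 95-symbol printable alphabet has ~105 bits
    # of entropy, but behind a 40-bit key it is worth exactly 40 bits.
    print("effective bits, 16 chars / 95 symbols / 40-bit key:",
          effective_security_bits(95, 16, 40))

    original = '!"#$%&/()=?¿1234567890'  # the long password from the post
    target = derive_key(original)
    equivalent, attempts = find_equivalent_password(target, original=original)
    print(f"original key: {target:#06x}")
    print(f"equivalent password: {equivalent!r} after {attempts} attempts")
    print("keys match:", derive_key(equivalent) == target)
```

With a 14-bit toy key the search needs on the order of 2^14 attempts regardless of how the original password was chosen; raising `KEY_BITS` makes the expected work grow as 2^KEY_BITS, which is exactly why the move from 40-bit RC4 to 128-bit AES matters more than password length alone.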