• Hi All

    Please note that at the Chandoo.org Forums there is Zero Tolerance to Spam

    Post Spam and you Will Be Deleted as a User

    Hui...

  • When starting a new post, to receive a quicker and more targeted answer, Please include a sample file in the initial post.

Remove password

rickgram

New Member
Earlier versions of Excel had laughably weak password protection. Sheet protection (and similar components) gave instructions on creating a complex password. Meanwhile, Excel hashed whatever complex string of numerics, upper and lower case letters, and special characters you entered into a string of A's and B's with one additional character at the end. The length of the hash bore no relationship to the length of the "complex" password entered by the user. A 15 character password could end up as AABA#. Anyone who could write a little VBA could break those passwords by brute force attack in seconds. I did it myself one time when I forgot a password and could not locate my freeware tool, and I am no master of password cracking. That is, it was so simple that it was easier to write new code to unlock the workbook than to poke through my files to find the password identification software. Once identified, the hash was all that was required to unprotect the sheet and workbook elements. The VBA project password was harder and could not easily be discovered, but it could be removed pretty easily. Unlike the sheet/structure password bypass, removing the VBA project password leaves a tell that the project is changed, since it no longer has a password.

I had someone in my company who wanted me to protect a proprietary algorithm for a particular calculation in Excel. I told him that anyone who could open the workbook could unlock and examine his algorithm to their heart's content. The only way we could secure the algorithm against most attempts to view it was to password protect the workbook against opening, which would defeat the purpose of someone's being able to use the calculation. He needed a different system to secure the proprietary algorithm. Excel project and earlier password schemes were little more than TSA locks. It actually helps to know this kind of thing, as one can protect oneself and one's clients from being deceived by the appearance of security when none is actually present. It's a bit like Kryptonite bike locks from a decade or so ago that looked so secure, but could be opened with a Bic pen.
 
Top