Re: password protection

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Chad DeMeyer (cjdemeye)
Date: 08/04/04 

Date: Wed, 4 Aug 2004 08:30:09 -0700

A little more detail on making a password harder to crack:

Four types of characters can be used in constructing a password:
  a.. Upper case alphabetic (A-Z)
  b.. Lower case alphabetic (a-z)
  c.. Numeric (0-9)
  d.. Special (e.g., /?#$@*, etc.)
Use at least three of these types.
Don't use common words.
Use passwords of at least 8 characters.

Regards,
Chad

"Graham Mayor" <gmayor@DELETECAPSmvps.org> wrote in message
news:%23ILjOWjeEHA.3132@TK2MSFTNGP11.phx.gbl...
> The form issue is well known. It doesn't allow you to crack the original
> document, but it allows you to create an unprotected copy. This is well
> documented.
>
> The encryption on Word documents protected against opening is *much* more
> secure. There are lots of tools available to crack the passwords - there
is
> one I have tested linked from my web site - but they all have the same
> problem. If the password is complex then they resort to brute force
methods
> to crack, and this can take a long time.
>
> The demos of these apps. are all limited to a password of 4 characters
which
> they crack in an impressively short time. Make that password 8 or more
> characters and use random characters and symbols with random case changes
> and the time scale is dramatically extended. Only the really determined
are
> likely to persevere.
>
>
> --
> <>>< ><<> ><<> <>>< ><<> <>>< <>><<>
> Graham Mayor - Word MVP
>
> My web site www.gmayor.com
> Word MVP web site http://word.mvps.org
> <>>< ><<> ><<> <>>< ><<> <>>< <>><<>
>
>
> Avalon wrote:
> > Hi Guys
> >
> > Sorry to contradict you Word Gods but cracking passworded
> > documents is a piece of cake even if the document was
> > passworded in Word 2003.
> >
> > This is due to a lovely bug that was around back in the
> > Word 2000 days and a 3rd party piece of software.
> >
> > All you have to do, to gain access to a form passworded
> > document is:
> >
> > 1. Open a blank document
> > 2. Goto Insert\File
> > 3. Select the pasworded file
> > 4. Click Insert button
> >
> > Result: The contents and formatting of the passworded
> > file are inserted into the new document and the password
> > has been removed.
> >
> > The Microsoft knowledge base acknowledges this to be a
> > problem LMAO and that's all
> >
> >
> > The 3rd party piece of software out there that cracked all
> > MS passwords including the VBA ones is called
> >
> > "Advanced Office Password Remover".
> >
> > The reason i know all the above is, i work for a technical
> > authoring company that writes military documents and
> > security is very important to us. We finally came to the
> > conclusion that the only way to secure a word document is
> > to PDF it.
> >
> > That said the company that produces the office password
> > remover also produces a PDF password remover (grrrrrrrrr).
> >
> > If you guys find a solution to the above cracks please
> > post a reply, as they are a real problem for my industry.
> >
> > regards
> >
> > Avalon
> >
> >
> >
> >> -----Original Message-----
> >> "Suzanne S. Barnhill" <sbarnhill@mvps.org> wrote in message
> >> news:O1GQVMbeEHA.3412@TK2MSFTNGP11.phx.gbl...
> >>> Should be adequately secure.
> >>
> >> "Graham Mayor" <gmayor@DELETECAPSmvps.org> wrote in message
> >> news:eWmY%23SfeEHA.3916@TK2MSFTNGP11.phx.gbl...
> >>> An 8 digit password with random characters and case will keep the
> >>> best of the password crackers occupied for more time than anyone
> >>> but a government agency would think worth the effort.
> >>
> >> So how secure would be such Word document sent to a personal website
> >> or just to an
> >> e-mail address (my own) and left in a "hold" folder which I could
> >> create. This would enable
> >> be an access from anywhere to my personal data at effectively no cost
> >>
> >> Roman
> >>
> >>
> >>
> >>
> >> .
>
>

Quantcast