File encryption


Haydon

Well-known member
Power User
VIP
Local time
12:51 AM
Posts
1,992
OS
Windows 10 Pro
The quote below is from a parallel thread that I don't want to derail. It says that it is easy to crack open an encrypted Excel file. Is it?

Is it also easy to crack open encrypted files of Word, PowerPoint, other Office apps?

How about pdf files? They have 2 passwords, one is easy to crack, the other one is supposedly much harder to crack.

I thought that as long as the password was 8 characters long with upper cases, lower cases, numbers, special characters, it would take 100 years to crack open the encrypted file, by which time the file contents won't matter any more. Or am I wrong?

How secure is file encryption?

Be very careful here! We used to use a very sophisticated Excel workbook (e.g., with hidden worksheets, built-in automated procedures, multiple "tag" columns, password generator) until a friend showed me how easy it was to break the password - it took about 30 seconds. Now we use KeePass, which has superior functionality to what we'd built internally and is much more secure.
 

My Computer

System One

  • OS
    Windows 10 Pro
Which version of Office are you using?
 

My Computers

System One System Two

  • OS
    11 Pro 23H2 OS build 22631.3296
    Computer type
    Laptop
    Manufacturer/Model
    Acer Swift SF114-34
    CPU
    Pentium Silver N6000 1.10GHz
    Memory
    4GB
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD
    Cooling
    fanless
    Internet Speed
    13Mbps
    Browser
    Brave, Edge or Firefox
    Antivirus
    Webroot Secure Anywhere
    Other Info
    System 3

    ASUS T100TA Transformer
    Processor Intel Atom Z3740 @ 1.33GHz
    Installed RAM 2.00 GB (1.89 GB usable)
    System type 32-bit operating system, x64-based processor

    Edition Windows 10 Home
    Version 22H2 build 19045.3570
  • Operating System
    Windows 11 Pro 23H2 22631.2506
    Computer type
    Laptop
    Manufacturer/Model
    HP Mini 210-1090NR PC (bought in late 2009!)
    CPU
    Atom N450 1.66GHz
    Memory
    2GB
Just provide a general discussion, that's what this thread is all about.
 

My Computer

System One

  • OS
    Windows 10 Pro
Haydon earlier versions of the office suite were not as well secured as today's. So it's relevant but I will unwatch this topic and leave you to it
 

My Computers

System One System Two

  • OS
    11 Pro 23H2 OS build 22631.3296
    Computer type
    Laptop
    Manufacturer/Model
    Acer Swift SF114-34
    CPU
    Pentium Silver N6000 1.10GHz
    Memory
    4GB
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD
    Cooling
    fanless
    Internet Speed
    13Mbps
    Browser
    Brave, Edge or Firefox
    Antivirus
    Webroot Secure Anywhere
    Other Info
    System 3

    ASUS T100TA Transformer
    Processor Intel Atom Z3740 @ 1.33GHz
    Installed RAM 2.00 GB (1.89 GB usable)
    System type 32-bit operating system, x64-based processor

    Edition Windows 10 Home
    Version 22H2 build 19045.3570
  • Operating System
    Windows 11 Pro 23H2 22631.2506
    Computer type
    Laptop
    Manufacturer/Model
    HP Mini 210-1090NR PC (bought in late 2009!)
    CPU
    Atom N450 1.66GHz
    Memory
    2GB
Strange that people are always expecting specific problems and not expecting insight gathering.

I (and likely others here) knew about early Office (and other early) apps not being good at encryption, but that was long, long time ago. Nowadays, even casual apps like WhatsApp are encrypted.

Nonetheless, how secure are they now? Everything is moving ahead pretty fast, both encryption as well as the tools to crack it.
 

My Computer

System One

  • OS
    Windows 10 Pro
Usually support forums are for helping with problems. If a solution is offered without a relative question or issue involved and a product name is mentioned the Moderators can take it as advertising.
 

My Computers

System One System Two

  • OS
    Win11 Pro RTM
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 3400
    CPU
    Intel Core i5 11th Gen. 2.40GHz
    Memory
    12GB
    Hard Drives
    256GB SSD NVMe
  • Operating System
    Windows 11 Pro RTM x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro 5890
    CPU
    Intel Core i5 10th Gen. 2.90GHz
    Memory
    16GB
    Graphics card(s)
    Onboard, no VGA, using a DisplayPort-to-VGA adapter
    Monitor(s) Displays
    24" Dell
    Hard Drives
    512GB SSD NVMe, 2TB WDC HDD
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender/Microsoft Security
I think this forum is mostly a support forum indeed but it is also a discussion forum. So, in the latter sense, I tossed up an open issue for discussion.

Back to regular programming, since I mentioned WhatsApp in my last post, I think that one of its raison d'être (and raison d'être of similar apps) is that the service provider can deny responsibility for user-generated content that is flowing on their network, because they cannot know what the encrypted user-generated content is.

Since I mentioned pdf in an earlier post, it has a digital signature feature that a signing computer cannot deny. If encryption is used on top of that with a pre-agreed upon password, it becomes very difficult to deny who the human sender is and vice versa, it becomes very convincing to ascertain who the human sender is. So, here is another use for encryption other than security, i.e. aid for identification.

Edit: I am not trying to annoy anyone (n) I am trying to stimulate the discussion (y)
 

My Computer

System One

  • OS
    Windows 10 Pro
Quantum computing is eventually going to make Brute Force attacks much more powerful than they are right now so, it's only just a matter of time. Further, Sky ECC was deemed to be the most secure encrypted communications service in the whole world until the protection mechanism was cracked by specialists working at the Belgian police department, and so they managed to intercept close to 61,000 lbs of white powder in the port of Antwerp over the course of a month and a half. That's a lot of insight IMO (and it happened less than 2 years ago).
 

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
To encrypt files, I only use VeraCrypt containers or VHDX files encrypted with BitLocker. I don´t trust Office or PDF encryption at all.
 

My Computer

System One

  • OS
    Windows 10
If you use an encryption passphrase, your file is only as secure as that passphrase. Not saying that passphrases are not secure but depending on the sensitivity of the file sometimes a pass key is more secure. Whereas instead of needing a password to open the encrypted file , the user would need to provide a pass key to open the file (most of my passkeys are no less than 56 characters in length and without the key the file is useless).
I usually use encrypted files that require pass keys that are stored in the cloud.

If you really want to be paranoid about it , you can encrypt the file and put it inside another encrypted file or any combo thereof , provided you can remember the passphrases or keep track of the passkeys!
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2 build 23481.1000
    Computer type
    PC/Desktop
    Manufacturer/Model
    self built
    CPU
    Intel i5-6500 3.5 Ghz quad core
    Motherboard
    Gigabyte GA-170-HD3
    Memory
    Corsair 16GB
    Monitor(s) Displays
    Samsung Curved 23"
    Screen Resolution
    1920x1080
    Hard Drives
    8 Drives total: One 1TB M.2 SSD (for OS) Three internal Seagate Barracuda 1TB HDD's , 4 Western Digital External removable drives , 3 @ 1TB each and 1 8TB
    Browser
    Firefox
    Antivirus
    Bitdefender
That's the take of a vendor of a password cracking tool. The article does not say so directly, but my reading of it is that an office document from version 2013 and later, encrypted with a computer generated password 8 characters long, is pretty hard to break with 'normal' (commercial type of) resources.

Here is Wikipedia's take
Interesting is the following quote of the above "A July 1, 2021 cybersecurity advisory from British (NCSC) and American (NSA, FBI, CISA) security agencies warned of a GRU brute-force campaign from mid-2019 to the present (July 2021) that focused a "significant amount" of activity on Microsoft Office 365 cloud services." Those are state actors, but maybe us pitiful commercial types can derive inferences from it?
 

My Computer

System One

  • OS
    Windows 10 Pro

Latest Support Threads

Back
Top Bottom