There have been enough reports of OpenOffice failing to recognise passwords, and the files consequently becoming irretrievable, to convince me that password setting in OpenOffice is unreliable.
Where? In nearly all cases that I've seen on this list, the password issue has been because the user has forgotten it. I've used passwords on OOo since 1.1.1 and I've had not a single issue. What part is unreliable?

As to encryption... The method used in OOo is strong. In any event, encryption algorithms usually fail not due to the algorithm, but due to how they are implemented. E.g., MS Office used to have a problem where they did not implement the construction of IVs properly. Accordingly, despite the use of a 'strong' algorithm (RC4), the document protection could be circumvented: (http://www.schneier.com/blog/archives/2005/01/microsoft_rc4_f.html)

If there is any doubt about the implementation of OOo encryption algorithms, feel free to have a look for yourself. That's the power of open source. If you don't have the expertise to know whether they are implemented properly, consider how many successful attacks (apart from brute force of course) there have been on a password protected OOo document ... I can't remember any.

My money stays with OOo for protecting documents - bet you can't say the same thing for MS documents....

/paul

On 1/25/07, Robin Laing <[EMAIL PROTECTED]> wrote:
Harold Fuchs wrote:
> On Tuesday, January 23, 2007 4:57 PM [GMT+1=CET],
> Dan Lewis <[EMAIL PROTECTED]> wrote:
>
>> Comments inline.
>
> The only real way to defeat a dictionary attack is to destroy the
> encrypted document after <x> failures (x = 3, 5 ?) and hope the attack
> isn't lucky within that <x>. One can also delay things considerably by
> saying "after <x> failed attempts you can't try again for <n> minutes".

I think that this should be the default. Of course if someone wishes, they could write an application to get around this limitation so we are back to a good algorithm to encrypt the data.

--
Robin Laing

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Try Torpark; a small portable, open-source, built on Firefox browser that enables anonymous browsing. Requires no installation : http://www.torrify.com/
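The IV problem mentioned in the message above, as an added example that is not part of the original e-mail and is neither OpenOffice nor MS Office code. It assumes the mistake is reusing one IV (and so one RC4 keystream) for two saves of the same document; the key derivation, password and sample documents are constructed for the demonstration.

```python
# Added illustration: IV reuse with a stream cipher, independent of password strength.
import hashlib
import os


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(password: str, iv: bytes, plaintext: bytes) -> bytes:
    # Hypothetical key derivation for this demo: key = SHA-256(IV || password).
    key = hashlib.sha256(iv + password.encode()).digest()
    return xor(plaintext, rc4_keystream(key, len(plaintext)))


def xor_leaks(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True if c1 XOR c2 equals p1 XOR p2, i.e. the keystream cancelled out."""
    return xor(c1, c2) == xor(p1, p2)


# Constructed sample data: two saves of the same protected document.
V1 = b"Offer: 10000 EUR, valid to March"
V2 = b"Offer: 25000 EUR, valid to April"
PASSWORD = "correct horse battery staple"

fixed_iv = os.urandom(16)  # weak: the same IV is kept for both saves
reused = xor_leaks(encrypt(PASSWORD, fixed_iv, V1),
                   encrypt(PASSWORD, fixed_iv, V2), V1, V2)
iv_a, iv_b = os.urandom(16), os.urandom(16)  # corrected: fresh IV per save
fresh = xor_leaks(encrypt(PASSWORD, iv_a, V1),
                  encrypt(PASSWORD, iv_b, V2), V1, V2)

if __name__ == "__main__":
    print("IV reused:", reused, "| fresh IV per save:", fresh)
```

With the IV reused, anyone holding both saved versions learns the XOR of the two plaintexts without touching the password, which is why the choice of algorithm alone says little about the protection.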
