Re: [users] Secure a Document

Thu, 25 Jan 2007 11:56:43 -0800 

On Thursday, January 25, 2007 5:47 AM [GMT+1=CET],
Robert <[EMAIL PROTECTED]> wrote:


On Wednesday 24 January 2007 16:50, Paul wrote:
<snip>

If you don't have the expertise to know whether they are implemented
properly, consider how many successful attacks (apart from brute
force of course) there have been on a password protected OOo
document ... I can't remember any. My money stays with OOo for
protecting documents - bet you can't say the same thing for MS
documents....

/paul


I don't mean this as a troll, but there are two problems with your
statement.

1) Despite the wishes and hard work of many (including myself), OOo
is still a minor player in the office suite market. There may simply
be not enough OOo password protected documents out there of enough
value for someone with the expertise to break the encryption to
bother even trying.

2) If a break did occur, would the breaker publish that fact? A white
hat might, but there seem to be many more black hats than white
nowadays. --
Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
OpenOffice uses quite a strong algorithm. See http://en.wikipedia.org/wiki/Blowfish_(cipher). That's always assuming it has been implemented properly. The reason I think it probably has is that OO is part of the Open Source movement and I'd bet money the authors used an already published implementation; there are readily available free sources of Blowfish as part of a C++ library.
One of the main ideas about encryption is the time needed to decrypt a particular document compared to the useful/valuable life of the document. If I won't care about what's in my document after a month and the mechanism I used to encrypt it takes 2 months to decrypt then I'll use that mechanism. If I need to keep my document secret longer then I'll use a stronger algorithm with a stronger key.
And no, we might never know that Blowfish has been broken although this seems unlikely because it is widely used and therefore widely analysed by whitehats. 

Harold Fuchs
London, England 
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to