[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Passwords
Daniel, Daniel Carrera wrote: >On Tue, 2006-28-11 at 16:42 +0100, Michael Brauer - Sun Germany - ham02 >- Hamburg wrote: > > >>actually, the "password" we are talking about do not belong to a >>security feature like digital signatures or encryption, but are only >>passwords that an office application user interface may request before a >>user may remove the write protection of a text section or table. >> >> > >For this purpose any hash will do fine since an attacker could always >just edit the XML to not require a password, correct? > > > >>The hash values we are talking about are only used to encode the >>password itself. >> >> > >Am I right to understand that any user could just edit the XML and >remove the password protection? If that is the case, then any hash will >be only marginally better than plain text. > > > Not exactly. If the file associations are not editable by the user, limiting opening of the file to the use of an ODF compliant application and they are denied access to a DOS command window (with edit or something similar) it can be made relatively secure. True, if the file were to be shared outside of such an environment, one would have to rely upon encryption of the entire file for protection. But it is important to not confuse the standard office OS setup, which is terribly insecure, with the use of ODF in more security minded establishments. If you reboot a computer with one popular OS using another certain OS on CD, I have heard tell you can edit the passwords into the OS itself. Strictly rumor mind you! Physical security is a first step that doesn't get discussed much. Hope you are having a great day! Patrick >Daniel. > > -- Patrick Durusau Patrick@Durusau.net Chair, V1 - Text Processing: Office and Publishing Systems Interface Co-Editor, ISO 13250, Topic Maps -- Reference Model Member, Text Encoding Initiative Board of Directors, 2003-2005 Topic Maps: Human, not artificial, intelligence at work!
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]