It is currently Thu Dec 14, 2017 10:28 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: ExcelPass
PostPosted: Sat May 07, 2016 3:42 am 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 4139
[Moderator note: this is the primary ExcelPass program thread. View database entry]

---

Quote:
ExcelPass is the software to quickly set and clear the password to Excel files as well as Word files, PowerPoint files, PDF files and Zip files. But You can not open the file the password is not known.


https://github.com/fukuyori/ExcelPass

Image

Requires: .NET Framework 4.0
Settings: does not look like it stores any settings at all

Download the installer (.zip archive) and uniextract.

_________________
Bəəs 2.0


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Sat May 07, 2016 11:55 am 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7416
Location: US, Texas
Impressive find.

Recommendations

  • Run ZIPs separately - Avoid using ZIP files with other file types as the ZIP format only accepts READ passwords and has no facility to prevent WRITE. This is just something in the way ZIP files are and has nothing to do with ExcelPass.

  • Password length - It gave an error message on a 20-character password but I got up to 16 characters without issue.

  • Read protection note - I tested out the PDF edit prevention and it seemed to work pretty well, although I don't generally trust mechanisms like that. Again, this has nothing to do with the program but PDF and Microsoft Word security generally. They're a bit like movie and music DRM; you're just making it annoying but not impossible to edit.

  • Only Basic Security - I definitely wouldn't use any of this for bank records or other critical data but for basic security or a second layer of protection, this is excellent. 7zip or VeraCrypt is probably ideal for high security needs. If I'd known of a way to (in batch) add passwords to Microsoft Word documents, I would have used that feature much more frequently.

License: multiple open licenses: main program is MIT, iTextSharp is Affero GNU Public License and SharpZipLib is GPL. I'm a little unclear if an MIT program can contain a GPL program but whatever.

Screenshot

Image

Wishlist

  • Some kind of note at the bottom of the window that the process is complete
  • Broader format support (maybe 7zip?)
  • For ZIP files,
    • The ability to encrypt file names
    • Ability to skip/ignore the error message about WRITE and just add the read password

----

    Image

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Wed Aug 03, 2016 5:51 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7416
Location: US, Texas
ExcelPass has been added to the database.

Although I admit that the security this program uses is far from foolproof, it's a very positive step. As someone who's been using encryption tools for years, the only thing I've ever been able to get anyone to use is a ZIP file with an agreed-upon password. Hopefully this program will help improve that.

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Thu Aug 04, 2016 6:29 am 
Offline

Joined: Mon Mar 16, 2009 11:56 am
Posts: 262
Thanks for having added this useful tool to the database, dear :mrgreen:

However, (on my Win 7 32 bit with .NET Framework 4.0) I have tried to drag and drop doc/x xls/x files and nothing happens... Am I missing something?

Thanks


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Fri Aug 05, 2016 2:10 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7416
Location: US, Texas
spicydog wrote:
However, (on my Win 7 32 bit with .NET Framework 4.0) I have tried to drag and drop doc/x xls/x files and nothing happens... Am I missing something?

That's very strange - I have the same setup and I've had no issue. Maybe open a case on the Github site? *shrug*

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Sun Aug 21, 2016 12:15 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7416
Location: US, Texas
So I did some digging to try and figure out what strength encryption ExcelPass is using, specifically the PDF component.

  1. According to line 89, it lists 128, which I assume is the bit size:
    https://github.com/fukuyori/ExcelPass/b ... ass/pdf.cs

  2. Unfortunately there's a 128 RC4 setting used by Acrobat 6 and later (PDF 1.5) https://helpx.adobe.com/acrobat/using/s ... words.html which is not ideal. RC4 has known weaknesses.

  3. When I checked the Document Properties window inside Acrobat, it noted under the security tab that it can be opened by Acrobat 5.0 and later, which indicates fairly low-level security. There's an additional "Details" button that shows 128 RC4: http://i.imgur.com/LN6pv7v.png (putting this as a link as the image is fairly large)

It looks as if the encryption offered by ExcelPass will keep out 95% of attackers, but the remaining 5% (basically those with some technical skill) will be able to get in with their eyes closed. A much more secure solution is available by saving to 7z format with a long password, but of course not everyone uses 7zip.

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Last edited by webfork on Sun Aug 21, 2016 12:43 pm, edited 1 time in total.
(add note about more secure solutions)


Top
 Profile  
 
 Post subject: Re: ExcelPass
PostPosted: Sun Oct 02, 2016 1:27 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7416
Location: US, Texas
Out of curiosity, I went looking for tools that will enable higher-strength PDF encryption. The various PDFTK front ends offer some options for adding security (though only read protection).

LibreOffice will also let you add a password to a PDF but it's not an viewer so much as a editor. It opens PDFs differently than other programs, making it a non-simple procedure. How-to Geek covers only some of this (Doc to PDF with a password). If I get a chance, I'll make a howto on this process.

Unfortunately, all of these programs (according to PDF X-Change properties view) use 128-bit RC4. Again, it's probably adequate security but lacks protection in the long term or from a dedicated attacker.

----

NOTE: PDFCreator (I greatly dislike this program but it's becoming ubiquitous) will also encrypt to a high security format: http://i.imgur.com/qZi7rTl.png

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Last edited by webfork on Tue Apr 18, 2017 3:56 pm, edited 2 times in total.
(fixed poor wording)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group