|
6.3. Password Protect and Encrypt WorkbooksPasswords are a simple way to protect sensitive data in a workbook. You can use passwords to encrypt a workbook to provide added security. Encryption prevents hackers from being able to read your workbook by disassembling the file in some way. Note: Passwords and encryption are fundamental security techniques.If you understand how Excel implements them, you'll know how much to trust them. 6.3.1. How to do itTo add a password to a workbook in Excel:
To add encryption to a workbook:
Figure 6-6. Adding encryption to a workbookThe encryption providers you have installed may vary depending on your location. Some encryption providers are not available outside of the United States, so you will want to take that into consideration if you are distributing encrypted files internationally. The longer the encryption key, the harder it is for a hacker to decrypt data. All software-based encryption such as this is potentially reversible without the key. 6.3.2. How secure are Excel Passwords?It depends. Encrypting a workbook makes it very difficult to extract passwords from a workbook by peeking inside the file in some way. However, Excel does leave passwords open to guessing attacks. In short, you can write a macro to call the Open method repeatedly with various passwords until you find one that works. That's because Excel doesn't lock out attempts after a certain number of wrong passwords they way most networks do. Therefore, Excel passwords are only as good as their complexity. For example, a four-character all-lowercase workbook password takes about 40 minutes to guess using brute-force techniques on my 2.0 Ghz machine. By extrapolation, a mixed-case four-character password would take over 10 hours and a six-character password using any valid character (letters, numbers, or symbols) would take 883 years. That sounds pretty secure, but remember this is just using brute-force techniquesstarting at Chr(33) and working through the valid character set. There are many ways to optimize guessing that reduces these times significantly. The controlling factors are how many attempts are made before guessing correctly and how long it takes Excel to run the Open method and return an error if the guess is wrong. Just for example, the Excel Key service on the Web promises password-recovery in four to seven days, regardless of password length. These same guessing techniques can be applied to password-protected items within a workbook, such as worksheets. It is, in fact, much easier to guess the password for a protected worksheet because the Unprotect method returns an error five times faster than the Open method. So what should you do? Here are some recommendations:
Permissions or other identity-based approaches are really much better at securing data than password-based approaches. 6.3.3. What about...
|
|