OpenOffice users who've locked their files and forgotten the password - or who have a document but not the password for it - can now crack their way in, thanks to a toolkit from a Russian developer specialising in password recovery. Unsurprisingly called OpenOffice Password Recovery, its developer Intelore claims it can even …
If you plan to use this on "secure" passwords or "strong" passwords, don't even try...
The majority that this application uses on a Windows XP platform, is just dictionary and upper case and lowercase dictionary words. It's useless in essence.
It won't guess or even get close to my 27 digit upper case and lower case password. It instantly marks it as failed, after giving it a 10-hour headstart. I'd atleast expect this application to get -close-.
Cracked but not broken
This seems to indicate that it's doing a search for the password and does not use the cipher text or a newly discovered numerical weakness in the encryption used by ODF. If this is correct then it seems important to add that while it helps users crack their documents, this tool is made possible by users choosing poor passwords or knowing part of the password and is not a vulnerability in ODF's encryption.
With this definition of cracking, anyone can use a tool to crack data encrypted with public key algorithms. It just might take longer than you'd like.
Given it's open source
It's a lot easier to design attacks when you have access to the code.
Also, the best protection against people reading your data is to physically prevent access to it.
Your last sentence seems to advocate security by obscurity, which has long been known to be a flawed method. Hiding the method does not make the information more secure, just less likely that someone will find a flaw. Finding flaws in a security system is a good thing in the long run, because there is the option to improve.
Instantly after ten hours
Funny, I'd've said "after poking about uselessly all day long" instead of "instantly".
Isn't the diversity of human perception wonderful ?
Russians DON'T crack OpenOffice security
All this guy has done is create an automated tool to try many different password in the hope that one will work. On that basis every password system comes pre-cracked - it just takes a while to get the right password.
Wassup El Reg? Slow news day?
Oh Giles, that comment was just dumb. The availability of the code has not made it more vulnerable at all.
Re: Russians DON'T crack OpenOffice security
Surely the point is that yes, he hasn't actually cracked the software itself, but instead has written a tool which allows the user to crack the password they used to secure their document. It's no different to any of the other password cracking tools out their.