Feeds

back to article Russians crack OpenOffice security

OpenOffice users who've locked their files and forgotten the password - or who have a document but not the password for it - can now crack their way in, thanks to a toolkit from a Russian developer specialising in password recovery. Unsurprisingly called OpenOffice Password Recovery, its developer Intelore claims it can even …

COMMENTS

This topic is closed for new posts.

Secure passwords?

If you plan to use this on "secure" passwords or "strong" passwords, don't even try...

The majority that this application uses on a Windows XP platform, is just dictionary and upper case and lowercase dictionary words. It's useless in essence.

It won't guess or even get close to my 27 digit upper case and lower case password. It instantly marks it as failed, after giving it a 10-hour headstart. I'd atleast expect this application to get -close-.

0
0
Anonymous Coward

Cracked but not broken

This seems to indicate that it's doing a search for the password and does not use the cipher text or a newly discovered numerical weakness in the encryption used by ODF. If this is correct then it seems important to add that while it helps users crack their documents, this tool is made possible by users choosing poor passwords or knowing part of the password and is not a vulnerability in ODF's encryption.

With this definition of cracking, anyone can use a tool to crack data encrypted with public key algorithms. It just might take longer than you'd like.

0
0
Gold badge

Given it's open source

It's a lot easier to design attacks when you have access to the code.

Also, the best protection against people reading your data is to physically prevent access to it.

0
0

Open security

Giles,

Your last sentence seems to advocate security by obscurity, which has long been known to be a flawed method. Hiding the method does not make the information more secure, just less likely that someone will find a flaw. Finding flaws in a security system is a good thing in the long run, because there is the option to improve.

Bob

0
0
Silver badge

Instantly after ten hours

Funny, I'd've said "after poking about uselessly all day long" instead of "instantly".

Isn't the diversity of human perception wonderful ?

Pascal.

0
0

Russians DON'T crack OpenOffice security

All this guy has done is create an automated tool to try many different password in the hope that one will work. On that basis every password system comes pre-cracked - it just takes a while to get the right password.

Wassup El Reg? Slow news day?

Oh Giles, that comment was just dumb. The availability of the code has not made it more vulnerable at all.

0
0

Re: Russians DON'T crack OpenOffice security

Surely the point is that yes, he hasn't actually cracked the software itself, but instead has written a tool which allows the user to crack the password they used to secure their document. It's no different to any of the other password cracking tools out their.

0
0
This topic is closed for new posts.