Hi :) Brilliant!! Ahhh, just thought of a problem. Was it xls or xlsX? If it has an X at the end then just rename the file to replace .xlsx with .zip and then double-click on it.
Can the xml files be pulled into a new file without pulling the password along at the same time? Regards from Tom :) >________________________________ > From: Dennis E. Hamilton <[email protected]> >To: 'Dr. R. O Stapf' <[email protected]>; [email protected] >Sent: Tuesday, 16 October 2012, 14:34 >Subject: RE: [libreoffice-users] Re: how to crack a PW in LO? > >It is important to separate the use of passwords to set >protections from use of a password to encrypt the document. > >Only "Save with Password" provides cryptographic security >of the document. > >The "Save with Password" encryption is difficult to attack. >The password is usually the weakest point and the password >may fall to a variety of attacks that use pre-computed >dictionaries of SHA1 digests and other brute-force >techniques. It is also possible that an attack may break >the encryption without discovering the password itself. >All of these attacks are believed to required great effort. >In general, one should expect that a password used in >"Save with Password" is not discoverable unless it is >carelessly chosen or heavily reused. > >The harder the password is to attack, the harder it is >to recover, of course. > >In contrast, all of the protection settings are insecure. > >The protections are trivial to remove. It can be done >by any knowledgeable user with a Zip utility and an XML >editor. It is not necessary to know the password to >remove the protection. However, all passwords used in >making protection settings should be considered compromised. >That is because the document stores an SHA1 or other unsalted >hash in "plain view" in the document. These hashes are >cracked with ease using conventional systems. A password >used to set a protection should not be used for any >more-private purpose. In particular, if the same passwords >are used for protections on unencrypted documents and for >saving with password (encryption), the encryption can be >broken directly using the SHA1 digest from the protection >setting. > >Protection settings are on spreadsheet fields and sheets. >There are protection settings on text as well. The >protection against altering change-tracking and the >protection for keeping a document read-only are all of >this kind. The protection is useful for avoiding mistaken >alterations. > >It is easy for all of these protections to be removed, the >document altered, and the protections restored with the >very same unlocking password without ever having to >know the password. > >A digital signature can prevent the document from undetected >alterations, but that doesn't work for turnaround documents >where some alterations are meant to be allowed. > >There is more explanation of the use and risk of protections, >and their removal, here: ><https://tools.oasis-open.org/version-control/svn/oic/Advisories/00009-ProtectionKeySafety/trunk/description.html> > >A proposal for more-reliable security of protection passwords >(but not the protections themselves) is before the >OASIS ODF TC: ><https://www.oasis-open.org/committees/document.php?document_id=46220>. > >- Dennis > > >-----Original Message----- >From: Dr. R. O Stapf [mailto:[email protected]] >Sent: Tuesday, October 16, 2012 06:30 >To: [email protected] >Subject: Re: [libreoffice-users] Re: how to crack a PW in LO? > >you are perfectly right about this!!! > > >On 16.10.2012 22:22, Andrew Douglas Pitonyak wrote: >> Unless you have a lot of time to kill (days, weeks, months, etc), you are >> much better off not >> forgetting your password. > > > -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
