Microsoft Excel is one of the most versatile and useful programs in the Office suite.

In the existing answers, a lot of "Excel is not secure" gets thrown around, so let's look at what this means in detail.

First, we need to establish which Excel feature we are talking about. There are two fundamentally different ways to "protect an Excel sheet with a password".

File encryption: This is what Microsoft calls "Protect an Excel file". This feature encrypts the whole file with symmetric encryption:

- 256-bit AES when encrypting Office Open XML files (docx, xlsx, ...)
- RC4 (considered insecure) when encrypting files in the legacy formats (doc, xls, ...)
- Office 2007–2013 uses 128-bit AES for Office Open XML files.
- Earlier versions of Office used various algorithms which are now considered insecure.

This is what Microsoft calls "Protect a workbook" and "Protect a worksheet". Microsoft explicitly states that "Worksheet level protection is not intended as a security feature". This kind of protection can easily be bypassed by a skilled user by modifying the XLSX file. It's a convenience feature that protects designated cells in your file (a) from accidental modification by users and (b) from deliberate modification by unskilled users.

Thus, from a cryptographic point of view, feature 2 is absolutely insecure, whereas feature 1 offers reasonable at-rest encryption when used with a strong password in current versions of Excel.

However, as Adam Katz's answer describes in more detail, good at-rest encryption is not the only important factor when choosing a password manager. Thus, while storing your passwords in an encrypted Excel file is more secure than storing them unencrypted (or reusing a single password for multiple accounts), it is also less secure than using dedicated password manager software (or keeping your passwords off-line).

As a counterpoint to the intuitive "no, Excel is not a password manager" I'd like to present a threat model in which the Excel-stored password is safer.

Most scenarios in which Excel-vs-password-manager makes a difference involve an attacker accessing your system (password-encrypted Excel sheets are only protected at rest, etc.). In such a case, it would be trivial to search for e.g. Keepass files:

    $ find / -type f -exec file {} \; | grep Keepass
    home/appelbaum/.well-hidden.kbd: Keepass password database 2.x KDBX

Finding Excel files is no harder, but with Excel files:

- The attacker might not think to look for the passwords in an Excel file, especially if the target is tech-savvy and there are decoy Keepass files on the system.
- There could plausibly be hundreds of Excel files, difficult to determine which could contain valuable information.
- Excel is a proprietary format, notoriously difficult to implement 100%. Automated tools might be able to sniff many ways of hiding data in Excel, but only MS Excel implements all of it.
- You could probably find a way to obfuscate the data in an Excel cell that is not obviously either a password or protected somehow. Automated tools might find encrypted files or protected cells, but they won't suspect that Mary's birthday was last Thursday encodes the password Znel'foveguqnljnfynfgGuhefqnl.

All these considerations apply to a file stored on Google Drive or other cloud platform as well. In fact, if the attacker is a state actor and can subpoena Google, the last point becomes even more poignant.