Wednesday, February 21, 2018
Microsoft Office Encryption
MS Office allows you to protect documents (Word), spreadsheets (Excel), databases (Access), and presentations (PowerPoint) with a password. When MS Office products are protected, they are encrypted and a password is required to open and read them. The default encryption values for MS Office 2013 are AES (Advanced Encryption Standard), 128-bit key length, SHA1, and CBC (cipher block chaining). This provides reasonably good security for the content of your products, but you must ensure that you are using a strong password. (The 40-bit key RC4 protection used in earlier versions of MS Office, 97-2003, can typically be bypassed with password hacking software.)
To add a password to an MS Office product, click on the ‘File Tab’, choose the ‘Info’ Menu, and then click on the ‘Protect Document’ (‘Protect Workbook’, etc.) Button, and choose "Encrypt with Password" from the drop-down menu. Add a password to the open dialog box, confirm the password, and now your MS Office product will require a password the next time it is opened.
While MS Office Encryption provides good security for personal use, you should be aware of a potential security vulnerability if you use MS Office on a network. This vulnerability is a Microsoft tool called DocRecrypt.
Network administrators can use Group Policy to push registry changes that associate a certificate with password-protected documents. This certificate information is embedded in the file header. Later, if the password is forgotten or lost, use the DocRecrypt command line tool and the private key to unlock the file and, optionally, assign a new password.
Now, DocRecrypt won't recover the password for an encrypted document before this policy was established on the network, but once it is installed any MS Office encrypted documents you create thereafter will be able to be decrypted using the DocRecrypt tool.
One way to defeat the DocRecrypt tool is to create an encrypted document outside of the network and e-mail it to yourself. DocRecrypt shouldn't be able to add a decryption header to an already encrypted document.
While there are certainly better encryption tools than MS Office, the password-to-open / encryption function available in MS Office adds an additional layer of security to your documents, spreadsheets, databases, and presentations that is certainly far better than having no security at all. Would I use MS Office encryption to protect my most sensitive documents? No, probably not. At least not as my only form of encryption. Do I use MS Office encryption as an additional layer of security? Yes! It will keep most individuals and many local level agencies from accessing your data - when used with a strong password.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.