back to article Russians crack OpenOffice security

OpenOffice users who've locked their files and forgotten the password - or who have a document but not the password for it - can now crack their way in, thanks to a toolkit from a Russian developer specialising in password recovery. Unsurprisingly called OpenOffice Password Recovery, its developer Intelore claims it can even …

COMMENTS

This topic is closed for new posts.
  1. Steven Lee

    Secure passwords?

    If you plan to use this on "secure" passwords or "strong" passwords, don't even try...

    The majority that this application uses on a Windows XP platform, is just dictionary and upper case and lowercase dictionary words. It's useless in essence.

    It won't guess or even get close to my 27 digit upper case and lower case password. It instantly marks it as failed, after giving it a 10-hour headstart. I'd atleast expect this application to get -close-.

  2. Anonymous Coward
    Anonymous Coward

    Cracked but not broken

    This seems to indicate that it's doing a search for the password and does not use the cipher text or a newly discovered numerical weakness in the encryption used by ODF. If this is correct then it seems important to add that while it helps users crack their documents, this tool is made possible by users choosing poor passwords or knowing part of the password and is not a vulnerability in ODF's encryption.

    With this definition of cracking, anyone can use a tool to crack data encrypted with public key algorithms. It just might take longer than you'd like.

  3. Giles Jones Gold badge

    Given it's open source

    It's a lot easier to design attacks when you have access to the code.

    Also, the best protection against people reading your data is to physically prevent access to it.

  4. Bob Hannent

    Open security

    Giles,

    Your last sentence seems to advocate security by obscurity, which has long been known to be a flawed method. Hiding the method does not make the information more secure, just less likely that someone will find a flaw. Finding flaws in a security system is a good thing in the long run, because there is the option to improve.

    Bob

  5. Pascal Monett Silver badge

    Instantly after ten hours

    Funny, I'd've said "after poking about uselessly all day long" instead of "instantly".

    Isn't the diversity of human perception wonderful ?

    Pascal.

  6. Barry

    Russians DON'T crack OpenOffice security

    All this guy has done is create an automated tool to try many different password in the hope that one will work. On that basis every password system comes pre-cracked - it just takes a while to get the right password.

    Wassup El Reg? Slow news day?

    Oh Giles, that comment was just dumb. The availability of the code has not made it more vulnerable at all.

  7. Keith Langmead

    Re: Russians DON'T crack OpenOffice security

    Surely the point is that yes, he hasn't actually cracked the software itself, but instead has written a tool which allows the user to crack the password they used to secure their document. It's no different to any of the other password cracking tools out their.

This topic is closed for new posts.