• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Is Excel 2003 password encryption strong enough?

A

Arcex

Senior member
First, I apologize if there is a previous post with this information, I searched and did not see one.

I need a bit of advice, I would like to send an Excel 2003 spreadsheet with sensitive information in it through email and need to know how safe it would be, I have researched this and am fairly knowledgable on the subjust but would like a second opinion.

As with any form of password protection there are 2 things to consider, encryption strength and password strength.

Excel 2003 does have encryption types of varying levels, the highest level is an RC4 standard, it is the "Microsoft Strong Cryptographic Provider". Through testing I found all the free trial encryption breaking programs I looked at said they could not break this level encryption, which would bring me to option 2:

Password complexity. All the password breaking programs I saw talked about dictonary attacks, brute force method, etc. Since I would be using a random stream of uppercase and lowercase letters, numbers, and symbols, of at least a 15 character length, I'm confident this would be too complex for a password breaking program to tackle.


So, what I want to know is, would I be safe using that level of encryption with an appropriately complex password? I'm not trying to keep the NSA out but I need to know that my data is safe. What do you guys think?
 
Supposedly the Office 2007 encryption is much better.

I would think that if you use a long string of random characters in Office 2003 you would be pretty safe.
 
True, the 2007 is better but we have 2003 and, just like Vista, don't plan to upgrade any time soon.

It is a good point though =-)
 
If you are worried I would encrypt the encrypted file using something like blowfish and then have the recipient unencrypt it with blowfish. I think that would be way more secure than just using built in office application password protection which I don't believe is all that secure from what I kind of remember reading a while back (this may have changed since then, but why take chances unless you are sure).
 
You could also consider zipping up the file in WinZip, 7Zip etc and use 256-bit AES encryption.

As with any program, while the encryption might be strong, the implementation might not be. Hard to say without researching each individual application version.
 
It is true, there are many better options when it comes to encryption, but for my companies purposes we need to know if what Excel 2003 alone offers for these specific emailed documents is safe.

There was an issue specifically with how 2003 implemented its RC4 encryption back in 2005, this was addressed in a Service Pack and either we we have determined that it wouldn't be an issue for us since we would be sending a single use document that wouldn't be vulnerable to the issue anyway.

I do appreciate the suggestions but if anyone knows specifically how Excel 2003's high level encryptions with strong passwords hold up I would be extremely thankful for them to let me know how safe they are.

PS. I apologize for the poor sentence structure in that last sentence. And for using the word "sentence" twice in the same... sentence.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top