Re: [libreoffice-users] State of password support.

I think I need to better define context.

There's no need to consider inter-operability. It is years I use open
document format only and convert on requirement. Of course this operation
is considered with care.
People interested in choosing a password might have to check
arstechnica.comas they have plenty of information.
I am not asking about the strength of encryption either: the data I'm
currently mangling is more important than others but not so much I need to
make it NSA-proof. BTW, I can tell from experience AES-256 is going to be
enough in many cases. In my case, everything preventing accidental opening
is sufficient, including a ROT4.

So, to state my concerns more clearly,
In your experience, how is stable and trustable are password protected LO
files?

Massimo


2013/12/18 Tom Davies <tomcecf@gmail.com>

> Hi :)
> Thought a few people might be interested in these links
> http://en.wikipedia.org/wiki/John_the_Ripper
>
> http://xkcd.com/936/
>
>
> http://www.zdnet.com/blog/security/25-most-used-passwords-revealed-is-yours-one-of-them/12427
>
> So a hugely significant number of people still think that "password"
> is an awesomely clever password.  How often do you overhear someone on
> a phone or a train trying to tell someone what the password is
> discretely so that other passengers don't hear it, only to hear them
> have to then repeat the password louder and louder and maybe even have
> to spell it out letter-by-letter.  Weirdly more complex passwords
> never seem to need repeating.
>
> Regards from
> Tom :)
>
>
>
> On 17 December 2013 15:34, Tom Davies <tomcecf@gmail.com> wrote:
> > Hi :)
> > Hopefully there was just a misunderstanding somewhere there!  Password
> > protection can be useful but only really when used in combination with
> > other security measures.
> >
> > There were some problems early on, around 3.3.x maybe up to 3.4.x but
> > i haven't heard of any problems for years now.  Personally i avoid
> > password protecting files and just keep such files well out of reach
> > of anyone that wouldn't be authorised to see them.  Emails and
> > usb-sticks make that tricky though!
> >
> > Early on i noticed that MS Office password-protected files could
> > easily be opened in LibreOffice.  In fact i didn't even realise my
> > companies finance files were individually password protected until
> > after i had opened them and the finance director saw i had the file
> > open and went ashen-faced.  I've been told it happens the other way
> > around too, that LibreOffice or OpenOffice files that are password
> > protected can be easily opened in MS Office but i've never tried it
> > out.
> >
> > Password protection is good to prevent causal accidental intrusion
> > from polite colleagues but it's not reliable enough on it's own.
> > Given enough time any password can be cracked.  So, password
> > protection is best when used in combination with other security
> > measures, such as [shudders] encryption, or just keeping the files out
> > of reach (if that is at all possible these days).
> >
> > All security is often at the expense of productivity and security
> > measures tend to restrict valid personnel from legitimate work rather
> > than slowing down hackers/crackers.  So, take care!
> >
> > Regards from
> > Tom :)
> >
> >
> >
> > On 17 December 2013 15:12, Massimo Del Zotto <massimodz8@gmail.com>
> wrote:
> > > Hello mailing list users.
> > > I am currently an OOo user. It's a while I hear about LO, but so far
> never
> > > got truly disappointed by it so I resisted change.
> > > However, I recently had a problem with OOo password protection. Somehow
> it
> > > disabled password protection for a file I was working on and it took me
> a
> > > while to restore it. Asking for help on OOo forum, I have been informed
> > > password protection is somehow considered "unnecessary" by... I don't
> know
> > > who to be honest.
> > > The important point is that I have been informed of various issues OOo
> > > seems to have with password protection. The forum administrator strongly
> > > suggested me to not use it, and even pointed out a few previous cases in
> > > which password protection caused data loss (!!!).
> > > I think *this is unacceptable *so I started looking more seriously at
> LO.
> > > Digging the mailing list archives, I noticed there are quite a few
> messages
> > > regarding password protection. It seems most problem were between
> keyboard
> > > and chair, the only exception being perhaps an inter-operability problem
> > > after switching to AES-256.
> > >
> > > In your experience, how is LO with password protection?
> > >
> > > Thank you,
> > > Massimo
> > >
> > > --
> > > To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
> > > Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> > > Posting guidelines + more:
> http://wiki.documentfoundation.org/Netiquette
> > > List archive: http://listarchives.libreoffice.org/global/users/
> > > All messages sent to this list will be publicly archived and cannot be
> deleted
> > >

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted