GreenthumbUK
MIS
I have written some scrpits within Excel that I dont want anyone to be able to see or access, how can i do this??
cheers
cheers
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security !!! 5
- Thread starter GreenthumbUK
- Start date
- Status
-
2
- #2
Harlequin007
Technical User
Thanks DrSmyth
I was looking for a way to protect my code from snooping eyes also
-----------------
Cogito Ergo Sum
-----------------
I was looking for a way to protect my code from snooping eyes also
-----------------
Cogito Ergo Sum
-----------------
Bear in mind that if anyone REALLY wants to see your code, it'll only cost them about £25 to buy an addin that can crack VBE passwords....
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
Harlequin007
Technical User
I thought there'd be a cracker available XL.
I just want to diswade the idle browser. I've put a lot of effort into giving them a tool for the job and don't want them rubbing their hands and hitting the keyboard without thinking.
-----------------
Cogito Ergo Sum
-----------------
I just want to diswade the idle browser. I've put a lot of effort into giving them a tool for the job and don't want them rubbing their hands and hitting the keyboard without thinking.
-----------------
Cogito Ergo Sum
-----------------
no probs - just thought I'd put the warning there just in case - For anyone else reading this and thinking about sending out sensitive data in excel - DON'T. Even the most rigorous code / protection can be undone in very little time for very little money......
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
I'm having the same problem you do with security, GreenthumbUK.
And I don't trust this password protection at all (as said by xlbo).
My first solution to this security problem was to put all my vba code in a vb .exe. But the program ran much slower than before.
Now I have an idea to put all my vba code in a dll. This way I could just import my dll in vba and use it. The problem is I'm new to vba and I have no idea of how I could accomplish this.
Any help would be very welcome.
Thanks, Henrique.
And I don't trust this password protection at all (as said by xlbo).
My first solution to this security problem was to put all my vba code in a vb .exe. But the program ran much slower than before.
Now I have an idea to put all my vba code in a dll. This way I could just import my dll in vba and use it. The problem is I'm new to vba and I have no idea of how I could accomplish this.
Any help would be very welcome.
Thanks, Henrique.
Harlequin007
Technical User
While we're on the subjectXL, I've never found a way to crack Acces DBs. And I have a few old ones I forgot the password to.
-----------------
Cogito Ergo Sum
-----------------
-----------------
Cogito Ergo Sum
-----------------
xlbo,
"Even the most rigorous code / protection can be undone in very little time for very little money...... "
Heh, heh - bet you can't break my Encoder tool's protection! It scrambles the data/formulas directly, rendering the sheet worthless without my addin AND the correct "key phrase".![[lol]](/data/assets/smilies/lol.gif "[lol] [lol]")
VBAjedi![[swords]](/data/assets/smilies/swords.gif "[swords] [swords]")
"Even the most rigorous code / protection can be undone in very little time for very little money...... "
Heh, heh - bet you can't break my Encoder tool's protection! It scrambles the data/formulas directly, rendering the sheet worthless without my addin AND the correct "key phrase".
VBAjedi
No good, Geoff. I'm not locking anything down, I'm mathematically altering (based on a key phrase which isn't stored anywhere in the file) the ASCII value of each character to turn the actual contents into hamburger. You can open it in whatever you want, and you'll still get nothing but gibberish!
![[rofl]](/data/assets/smilies/rofl.gif "[rofl] [rofl]")
I'm definitely biased because I wrote it, but I think it's a tasty bit of code. . .
VBAjedi
I'm definitely biased because I wrote it, but I think it's a tasty bit of code. . .
VBAjedi
TonyJollans
Programmer
jedi,
No disrespect to you, but isn't a large part of your security really down to secrecy? I would guess that if your Encoder was widely available, cheap tools to crack it would soon follow unless you're using some pretty sophisticated algorithms.
I don't know about Geoff, but my knowledge of encryption is limited. I can, however, very easily find tools which exploit other people's greater knowledge.
Enjoy,
Tony
--------------------------------------------------------------------------------------------
We want to help you; help us to do it by reading this: Before you ask a question.
No disrespect to you, but isn't a large part of your security really down to secrecy? I would guess that if your Encoder was widely available, cheap tools to crack it would soon follow unless you're using some pretty sophisticated algorithms.
I don't know about Geoff, but my knowledge of encryption is limited. I can, however, very easily find tools which exploit other people's greater knowledge.
Enjoy,
Tony
--------------------------------------------------------------------------------------------
We want to help you; help us to do it by reading this: Before you ask a question.
There's always a soft point anyway - at some point, the file must be able to be opened and read normally - therefore there is a way in. If there is a password, it can generally be cracked, if it works on encryption, it still probably needs a password and therefore can be cracked
Sorry Luke but excel just ain't that safe - any passwords you use on it can be cracked in a matter of minutes if not seconds, rendering the encryption useless - unless of course you have a "3 strikes and yer out" password that permanently scrambles the data once the password has been entered incorrectly 3 times - this would mean that the data would be irrecoverable by anyone though.....
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
Sorry Luke but excel just ain't that safe - any passwords you use on it can be cracked in a matter of minutes if not seconds, rendering the encryption useless - unless of course you have a "3 strikes and yer out" password that permanently scrambles the data once the password has been entered incorrectly 3 times - this would mean that the data would be irrecoverable by anyone though.....
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
-
3
- #15
>excel just ain't that safe
Password protection of Excwel (and the other office products) was substantially improved as from Office 2000 onwards.
The old methods that used to allow you to crack Excel open in seconds or minutes no longer work.
This is not to say that it is invulnerable to attack, but most commercial crackers are forced to use dictionary and brute-force attacks against Excel nowadays, and a good password practice (e.g 8 chars or more, no words from dictionary, mix alpha and numeric) mean that it can take a long time...
Several of the commercial services use a slightly different approach (which essentially involves breaking the encryption key rather than determining the password) that allows them to guarantee that they can crack the password in a week "or your money back"
Having said all that, the original question asks about protecting scrips - and, unfortunately, there still appears to be a backdoor into password-protected VBA
Password protection of Excwel (and the other office products) was substantially improved as from Office 2000 onwards.
The old methods that used to allow you to crack Excel open in seconds or minutes no longer work.
This is not to say that it is invulnerable to attack, but most commercial crackers are forced to use dictionary and brute-force attacks against Excel nowadays, and a good password practice (e.g 8 chars or more, no words from dictionary, mix alpha and numeric) mean that it can take a long time...
Several of the commercial services use a slightly different approach (which essentially involves breaking the encryption key rather than determining the password) that allows them to guarantee that they can crack the password in a week "or your money back"
Having said all that, the original question asks about protecting scrips - and, unfortunately, there still appears to be a backdoor into password-protected VBA
I agree with all the comments about 'password protection' but still use it to stop people with even less knowledge than me from tinkering, getting the wrong answers and blaming me to other people!!!
On a related issue, many of my macros run a query to extract data from a host database, and then reformat / graph / pivot the results. Is there any way to stop people viewing or modifying the query? Same reasons apply.
Henio
On a related issue, many of my macros run a query to extract data from a host database, and then reformat / graph / pivot the results. Is there any way to stop people viewing or modifying the query? Same reasons apply.
Henio
mscallisto
Technical User
It's very difficult to add security to "interpretive" languages (VBA), period.
Tony,
My method only relies on the secrecy of the key string. If the key is easily guessable, my approach is as defenseless as any other approach. The algorythm is so simple as to be almost inconsequential (precisely because I knew there is no way to hide it in Excel), and is based on an old, but still respected, encryption technique. So, choosing a good key of sufficient length is the key (pardon the pun!).
xlbo,
I certainly respect your knowledge about Excel, but I think perhaps the difference between password protection and data encryption hasn't fully registered with you yet. [LOL] What I'm doing has NOTHING in common with the vulnerablility of Excel's built-in password protection.
Actually, my method is more like "One strike and you're out". To decrypt the data, the algorythm is reverse-applied to the scrambled data using whatever key you specify. So if you enter the wrong key phrase, the data gets even MORE scrambled. Your only option at that point is to close the workbook without saving, reopen it, and try again.
As far as writing a cracker routine, it would be tough (but I would LOVE to see you try!). Even after you had my algorythm (which would be easy enough to get - just crack the project password), you're stuck with using a brute-force approach to find the key string (which can be any length - hundreds of characters long if I so desire). To make things worse, you have to write some kind of sophisticated code that recognizes valid content (or have a human check the results of each attempt), because there is NO other indication as to whether you've found the correct password. Then it has to automate the above-mentioned process of closing/reopening the target file for every unsuccessful attempt - not difficult, but time-consuming (and time is the enemy in brute-force decryption).
In summary - yes, it is certainly crackable, but I suspect the people with the time, knowhow, and computing resources to do it probably already work for the US govornment (and if the GOVORNMENT wants your file cracked, it's probably gonna happen no matter what!).
I wouldn't mind being proved wrong, though, if you felt like you wanted to try!
VBAjedi
My method only relies on the secrecy of the key string. If the key is easily guessable, my approach is as defenseless as any other approach. The algorythm is so simple as to be almost inconsequential (precisely because I knew there is no way to hide it in Excel), and is based on an old, but still respected, encryption technique. So, choosing a good key of sufficient length is the key (pardon the pun!).
xlbo,
I certainly respect your knowledge about Excel, but I think perhaps the difference between password protection and data encryption hasn't fully registered with you yet. [LOL] What I'm doing has NOTHING in common with the vulnerablility of Excel's built-in password protection.
Actually, my method is more like "One strike and you're out". To decrypt the data, the algorythm is reverse-applied to the scrambled data using whatever key you specify. So if you enter the wrong key phrase, the data gets even MORE scrambled. Your only option at that point is to close the workbook without saving, reopen it, and try again.
As far as writing a cracker routine, it would be tough (but I would LOVE to see you try!). Even after you had my algorythm (which would be easy enough to get - just crack the project password), you're stuck with using a brute-force approach to find the key string (which can be any length - hundreds of characters long if I so desire). To make things worse, you have to write some kind of sophisticated code that recognizes valid content (or have a human check the results of each attempt), because there is NO other indication as to whether you've found the correct password. Then it has to automate the above-mentioned process of closing/reopening the target file for every unsuccessful attempt - not difficult, but time-consuming (and time is the enemy in brute-force decryption).
In summary - yes, it is certainly crackable, but I suspect the people with the time, knowhow, and computing resources to do it probably already work for the US govornment (and if the GOVORNMENT wants your file cracked, it's probably gonna happen no matter what!).
I wouldn't mind being proved wrong, though, if you felt like you wanted to try!
VBAjedi
Luke - fair points and I didn't mean to have a go at your work in any way. I've seen your replies here and on the excel L list and you obviously more than know what you are doing. My point (as it started) was a more general one to do with excel "security".
I'm sure your encryption is good and I certainly wouldn't want to waste many hours trying to break it BUT and this is the crux of my argument, at the end of the day, it still relies on a password and that password must reside in the file (unless you've been REAL good and hidden it outside the file) ergo, there are a limited number of strings it could possibly be (a lot but limited nonetheless). I'm not going to go into any further detail as to how I may or may not approach it because
a: It wouldn't be good to post that kinda info
b: I don't make it my business to try and crack file son a regular basis and I don't wanna look like a fool ;-)
If you agree, lets just leave it as
You CAN protect data in excel BUT it is a lot of effort(and you run the risk of someone entering the wrong key and permanently screwing the file up). Basically, it'll probably take a cracker apprx the same amount of time to crack a file as you spend protecting it....
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
I'm sure your encryption is good and I certainly wouldn't want to waste many hours trying to break it BUT and this is the crux of my argument, at the end of the day, it still relies on a password and that password must reside in the file (unless you've been REAL good and hidden it outside the file) ergo, there are a limited number of strings it could possibly be (a lot but limited nonetheless). I'm not going to go into any further detail as to how I may or may not approach it because
a: It wouldn't be good to post that kinda info
b: I don't make it my business to try and crack file son a regular basis and I don't wanna look like a fool ;-)
If you agree, lets just leave it as
You CAN protect data in excel BUT it is a lot of effort(and you run the risk of someone entering the wrong key and permanently screwing the file up). Basically, it'll probably take a cracker apprx the same amount of time to crack a file as you spend protecting it....
Rgds, Geoff
Never test the depth of water with both feet
Help us to help you by reading FAQ222-2244 before you ask a question
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question