2

So I'm both an aspiring writer and programmer, and when I write I prefer to password protect the documents so that people can't just look at them in their uncompleted (and highly personal/passionate) form. I'm not too worried about hackers, just inconsiderate people who happen to see my computer on a desk.

However, this has made me curious about two things concerning encrypted open office documents:

  1. What program(s) could I use on either windows or linux that would allow me to see the garbled encrypted content for the sheer novelty of it? Would a non-encrypted word processor document be able to be read with all its coded formatting and text?

  2. Let's say some hacker did steal my computer and really wanted to read the files: what would they do to try and crack the encryption? Is the encryption key long enough in open office to make solving the encryption key take an astronomical period of time?

thinksinbinary
  • 149
  • 6
  • On the linux command line, you can use a program called 'hexdump' to show the contents. If you want to see both byte values and characters, use 'hexdump -C my_document.odt'. Note that odt Files (like newer Office Files) are actually compressed archives, so you won't see anything meaningful even with unencrypted documents. If you want to see the real contents, rename the document to "my_document.zip" and unzip it first. – Out of Band Nov 17 '16 at 18:56

1 Answers1

2

What program(s) could I use on either windows or linux that would allow me to see the garbled encrypted content for the sheer novelty of it? Would a non-encrypted word processor document be able to be read with all its coded formatting and text?

Use any plaintext editor like notepad.exe, Notepad++, Gedit, Leafpad, nano, vi and many more. (As the name suggests, these are editors without any fancy formatting features, instead allowing to see and modify each byte in a file).

And a MS Word doc file (as example) is not very readable, even if unencrypted. Because the formatting part is quite much, and compression algorithms (to save memory) are used.

Let's say some hacker did steal my computer and really wanted to read the files: what would they do to try and crack the encryption? Is the encryption key long enough in open office to make solving the encryption key take an astronomical period of time?

You don't have a secure-randomly generated key, but just a password, right? Then it usually depends on your password: While it is used to derive a key that is usable with encryption algorithms, the attacker can derive the same key if he has the same password.

The two main possibilities for an attacker:

a) Automatically trying a long list of known passwords, because many people use something easy like 1234 (even if it is not that easy, the lists are really long...)

b) Just trying everything possible, either passwords or derived keys (usually passwords because easier). Takes often longer than a, but will find the right password for sure.

If it is feasible depends completely on your password and on the used software / file format:
Eg. old MS Office 95 has 16bit keys, independent from the password length. This is one of the cases where key guessing is easier, because there are only 65536 possible keys. Maybe this sounds much, but it's so bad that it's not even funny. Even on a modern school calculator, it wouldn't be slow enough to get a coffee.
The newest version of LibreOffice, as comparison, uses AES256+PBKDF2+SHA1: With a good password, even the best hacker shoudn't be able to do anything.

And what's a good enough password, assuming you want to protect yourself against NSA&Co.? Current realistic cracking efforts seem to be able to break 72 high entropy bit, let's use 80 to be secure. If you use a (good) password generator instead of choosing your own password, and you want passwords with uppercase+lowercase+numbers, this means you need at least 13 characters. If you choose your own password ... according to NIST (800-63), long human passwords average on 1.5 per character, this means at least 54 chacacters long.

deviantfan
  • 3,854
  • 21
  • 22
  • Thanks for you answer, but when I use notepad to open any open office document, i get some things like "thumbnails", "configuration 2" at the top, and the rest is just non-sensical symbols, seems like it's text will not translate into ASCII formatting as used in notepad – thinksinbinary Nov 19 '16 at 05:10
  • @thinksinbinary That's normal. The file does not contain ASCII content, so Notepad won't show it. ... You have to understand that doc files etc. *are not text*. – deviantfan Nov 19 '16 at 07:20
  • So what you are saying is that despite the fact that open office and MS word use ASCII for keyboard input, they are so heavily formatted that they aren't recognizable by a text editor. I just had this notion that hackers would have already created a program to look at doc files that would allow you to view the text within all the encoding ect., bypassing passwords in the same way you can use ubuntu live to bypass windows permissions (or maybe that was misinformation as well?!) – thinksinbinary Nov 19 '16 at 15:05
  • @thinksinbinary `So what you are saying is that despite the fact that open office and MS word use ASCII for keyboard input, they are so heavily formatted that they aren't recognizable by a text editor.` Basically yes. Ms Word has thousands of small features ... Comare it with Notepad. All features not available in Notepad contribute to the strange stuff in the doc file. (Also, compression is added, which basically replaces normal text with (less) unreadable stuff to save memory) – deviantfan Nov 19 '16 at 22:36
  • And yes, with Linux it's easy to bypass the Windows logon. But that's not comparable to docs, because most hard disks of Windows computers are not encrypted. Sure, it requires a password to start, but if using another computer and plug the old hard disk in (USB etc.), the files are all there. ... Still, whole hard disks with Windows *can* be encrypted like doc files, and if they are, just using Linux etc. won't help. – deviantfan Nov 19 '16 at 22:41