Note: this is only for write protection passwords. Files that require a password to read are actually encrypted. I think any password that would prevent editing but allow reading would necessitate a fairly complex digital signature management scheme for data provenance (which might be useful in some settings).
Some «security» features dont need to be secure. This is obviously one of those as the data is readable by all, but only modifiable by «those in the know», but if someone does anyway who cares.
I’ve done hardcoded frontend identity whitelists for authorization. Some times it’s fine to let hackers access stuff, but not the vanilla mass-market browsers. Feature flags etc
Based on the information in the README, wouldn't that be possible to accomplish in a simple bash script?
Reading through it quickly, it looks like this is for files that are available to read, but write-protected? Not read-protected documents like a password protected Excel workbook?
Nice. In older versions of xlsx they used a weird hash function with tiny hash space that could be brute-forced in <1s. There were some VBA code snippets circulating and in my old team where we had to deal with a lot of such files we all had a script as a shortcut in the Excel toolbar.
I knew about the xml trick, but I could never get it to work consistently. This looks useful, thanks for sharing.
I know this may be slightly off topic as this specifically deals with the modify, not the access password. But Office for Mac still limits access passwords to 15 characters, my understanding is that this is a significant weakness for documents saved from Office for Mac. Does anybody have any insights into how big of an attack vector this actually is?
Hopefully no one treated these passwords as an actual security feature.
haha I wrote something like this in python once.
This password specifically refers to "Password to Modify" and Excel 2019 / 365 clearly warn in the reenter password popup:
> Caution: Password to modify is not a security feature. ... Malicious users can edit the file and remove the password.
This type of "protection" is also present in the VBA blobs (where you can change a few bytes and work around the VBA protection)
Saving a file with a password to open actually employs encryption. The exact setting can be tuned with registry settings, but is typically AES-128-CBC.
Saving a file as "read-only" encrypts the file with the standard password "VelvetSweatshop"