Forums Bugs & issues Folder decryption works only part way Reply To: Folder decryption works only part way

#6310 Reply

Svante
Spectator

Thanks Franz,

Last(?) question…

From what you’re saying (and what I gleaned from the cursory glance at the office spec for cryptography and XLS), and from the screens above, it seems like the default behavior for saving a .XLS file even in modern versions of Excel is compatible with Excel 97 – 2003 which would imply that such a save has the weaknesses these versions of Excel has.

So, assuming a non-expert non-cryptography-setting-tweaking user, it’s still a fairly safe assumption that a .XLS file if password protected is protected with the old weak form of Office crypto – right?

If the file is saved in .XSLX-format, it’s also a fair assumption to make that it is saved as AES-128, once again assuming the non-tweaking user. So your last statement “For most users saving in the latest versions of Excel, with a secure password, they have no fear about the security unlike in olden times of Office. The default option is suitably secure even as AES128, 100,000 iterations at SHA1.” is valid when the file is saved as .XLSX in a newer version of Excel.