There is not something like an "encryption button" in word. On the other hand, encrypting word documents is just a few clicks away.
• route 1: Tools | Options | Tab Security
• route 2: File | Save As | Tools | Security Options -- Tab Security
Both result in the next screen:
File encryption options in MS-WordFile security settings in Word 2002/2003
The Security tab shows different file security settings:
1. Open password
This password is used for document encryption. This security feature is discussed in the next paragraph.
2. Modify password
This password is used for convenience when sharing files. This password does *not* encrypt the document and therefore does not add security. This modify password opens the word document in an editable modus but prevents the original file from being overwritten. The modify password is stored within the Word document. There are tools available that can extract and remove this modify password.
3. Read-only recommended
This is a recommendation to the person opening the document. On opening, MS-word asks the user to choose read-only unless the user thinks that changes to the document are necessary. It's just a recommendation, no security.
4. Protect document password
This property is like the modify password, but this time it's not possible to make changes to the document while viewing it. This protect document password is extractable and removable as well.
Document encryption is based on "open password"
So the only security password is the open password, the other passwords and read-only setting offer no real security and can be removed by MS-Word password recovery tools.
Set "Advanced" property (Crypto Service Providers)
Behind the password to open field, there is an "advanced" button. Click this button to get the list of available Crypto Service Providers.
List of available Crypto Service Providers in Windows
A Crypto Service Provider or CSP is a set of cryptographic algorithms with different properties. The default CSP is "Office 97/2000 Compatible". This is a CSP with public known security issues. There are on-line MS-Word password recovery services available that can remove the password of any document within 30 seconds.
Thus, the default CSP provides no security. For strong encryption of Word documents one *must* change to the strongest available CSP, which may differ per Windows installation.
Choose a strong password
If a strong Crypto Service Provider is chosen, there is one other requirement to achieve proper document encryption: choose a strong password.
No comments:
Post a Comment