#Making a tex file secure password#
I discuss this also on my personal web site, where my recommendation is to use a password manager. On the other hand, by using a tool specifically designed to securely keep a list of passwords, you get one that is much smaller (thus far less risk of a bug having crept in, and far more likely for a compromising bug to be taken seriously), tailored for the purpose (thus far less likely to litter plaintext all around), and intended for the purpose (thus likely has useful features such as the ability to generate passwords, set password expiration dates, etc.). So it stands to reason that you could get reasonable protection against certain threats by keeping your passwords in an encrypted document maintained in a recent version of Word making sure to use non-backward-compatible formats. There are many threat models where this protection would not be sufficient, and many of those would seem to apply to lists of passwords. The document password protection only really helps if the adversary can get their hands only on the intentionally saved document file, and nothing else. I'm not sure if this is still the case, but remember that Word is a word processor it's not really designed to keep secrets against a determined adversary who has access to your system. However, at least historically, Word has been known to litter temporary files all around itself while you are working on a document.
Formats compatible with versions prior to 2007 will not be secure at all.
So if you are using Word 2007 or later, and ideally Word 2013 or later, it should be reasonably secure.
For modern versions of Word (Word 2007 and later), it appears that Microsoft has got the encryption pretty much right: They use multiple iterations of SHA-1 (since Office 2013, this has been replaced with SHA-512) for key derivation, and they use AES with a 128-bit key for encryption, compared to the older schemes that used everything from a 16-bit key to a 40-bit key.
0 kommentar(er)
