I'm trying to maximize my excel addin security. My research indicates an
Excel 2003 VBA password may be a max of 32 characters and the password may
include letters (not sure if upper and lower case are considered different),
numbers, keyboard special characters and spaces.

Does a complex excel VBA password (i.e. 32 char long and many types of char)
provide more security against the password recovery tools?

I thought the recovery tools have different algorithms.
- One algorithm is a brute force match which may take a long time (days or
weeks ?) to match a complex password.
- Another algorithm is to remove the password and replace it with something
else. A complex password would have limited value in this algorithm. I
would also expect this recovery tool to succeed or fail quickly.

Please provide any other suggestions you may have for improving an addin
security.

thanks.

Excel does not store the password as text, but a hashed value. As such a
complex password would make it more difficult for a brute force attack, but
no effect on the replace method.
Having said that, the WB/WS protection can be easily broken irrespective of
the initial password text used, basically with a brute force method.
VBA passwords are more difficult, but not much

http://www.mcgimpsey.com/excel/fileandvbapwords.html

There are various tools to obfuscate your VBA code also, if you feel it
worthwhile.
Using a compiled method would render the code much more difficult to
understand, if VB6 but not the .Net variety AFAIK.

NickHK

"alan57" <(E-Mail Removed)> wrote in message
news:B3F42596-8661-4F6B-B70F-(E-Mail Removed)...
>
> I'm trying to maximize my excel addin security. My research indicates an
> Excel 2003 VBA password may be a max of 32 characters and the password may
> include letters (not sure if upper and lower case are considered
different),
> numbers, keyboard special characters and spaces.
>
> Does a complex excel VBA password (i.e. 32 char long and many types of
char)
> provide more security against the password recovery tools?
>
> I thought the recovery tools have different algorithms.
> - One algorithm is a brute force match which may take a long time (days or
> weeks ?) to match a complex password.
> - Another algorithm is to remove the password and replace it with
something
> else. A complex password would have limited value in this algorithm. I
> would also expect this recovery tool to succeed or fail quickly.
>
> Please provide any other suggestions you may have for improving an addin
> security.
>
> thanks.

Locks only keep the honest people out.
The vba password can be bypassed, so don't worry about the length.
You might consider paying one of the established contributors in
this programming group to convert your add-in to a com add-in.
That would be pretty good security.
However, I believe then the add-in would not work on XL 97.
No, I don't do that type of work.
--
Jim Cone
San Francisco, USA
http://www.realezsites.com/bus/primitivesoftware



"alan57" <(E-Mail Removed)>
wrote in message

I'm trying to maximize my excel addin security. My research indicates an
Excel 2003 VBA password may be a max of 32 characters and the password may
include letters (not sure if upper and lower case are considered different),
numbers, keyboard special characters and spaces.

Does a complex excel VBA password (i.e. 32 char long and many types of char)
provide more security against the password recovery tools?

I thought the recovery tools have different algorithms.
- One algorithm is a brute force match which may take a long time (days or
weeks ?) to match a complex password.
- Another algorithm is to remove the password and replace it with something
else. A complex password would have limited value in this algorithm. I
would also expect this recovery tool to succeed or fail quickly.

Please provide any other suggestions you may have for improving an addin
security.

thanks.