the password of Libreoffice

Dear All ,

I Forger My password of the Libreoffice file .
Who can tell me how to deal with it ?

Thanks ... ...

Unfortunately, short of having an unprotected backup of your file somewhere
else, there is no workaround for a lost password. If there were, the
protection would be pointless...

I'm afraid that short of a bruteforce you're out of luck.

Hi
You can always try opening it with MS Office.

I have opened password protected MS files in LibreOffice without even
being asked to type in a password. I have been told the other way around
works too. Both programs use different systems for password protection.

Another way might be to copy the file and then rename the file-ending to
.zip and then you should be able to poke around inside the coding of the
file. I've not looked at a Calc file that way so i am not sure whether a
text-editor could help recover the information from "contents.xml". Also i
am not sure if there is a single element that could be deleted to remove
the password protection.

​Unfortunately, while it's true that old mso formats used "password
protection" as a simple access management tool, recent version (think docX)
and libreoffice files *do* encrypt the files.​

Opening the file as a zip file will only yield ciphered files, except for
the mimetype one, which is not very useful.

Most security is more likely to hamper legitimate users than really slow
down a determined cracker. Encryption is a classic at being more often
responsible for losing crucial or private data.

​If done correctly, the "slow down" part would grow into many years. That's
the point of encryption, since a bruteforce attack is always possible with
every cryptosystems

However, you're right; for most people this option is more like a trap if
it is not part of a greater document management system that does take care
of the details like password, keys, and allow for some kind of recovery.
Maybe there should be a warning box that explicitely state that the
document will be lost if the password is lost​.

Hi
You can always try opening it with MS Office.

I have opened password protected MS files in LibreOffice without even being asked to type in a password.  I have been told the other way around works too.  Both programs use different systems for password protection.

Another way might be to copy the file and then rename the file-ending to .zip and then you should be able to poke around inside the coding of the file.  I've not looked at a Calc file that way so i am not sure whether a text-editor could help recover the information from "contents.xml".  Also i am not sure if there is a single element that could be deleted to remove the password protection.

YouTube and other places might well have "How to" crack open password protected files so i would google it (or other search engine).

Most security is more likely to hamper legitimate users than really slow down a determined cracker.  Encryption is a classic at being more often responsible for losing crucial or private data. 
Regards from
Tom

Hi
There are plenty of warnings out there and people take no notice of them.  I saw a hot tap with a warning notice over it saying "Warning the water might be hot".  People cease to even notice warning notices because they are far tooo common.

I my office we used to carefully hide the servers in a locked cabinet behind a filing cabinet which meant that everyone knew where they were.  Now they are right in the middle of the office and people walk past them any time they walk around the office.  Consequently no-one notices them!  My boss wanted me to label them with "Do not touch" signs so that kids wouldn't try playing with them but i managed to avoid it.  The kids don't go near them because they look boring but an exciting notice saying "Do not touch" would make them wonder why and make them curious to know what would happen if they did.

Regards from
Tom

To the originator of this thread, I feel your pain and commiserate with
you. As to the solution... I don't know. I think the best answer I have
seen is to have a different password for every different type of file or
web sight, i.e. all write files or all calc. files...even they can be
individualized at will. Then keep a special file with a benign, password
protected, name that holds all the passwords. The secure password for this
file is carried around with you (until you have used it so many times that
you know it by heart.)
Of course, I inevitably forget to include a new password in the password
file!
By the way, thanks to all who replied to my cry for help with the
Formula/text difficulty in Calc.
Regards, David

David Stuckey, MBA. MHSA.

Hi,

I Forger My password of the Libreoffice file .
Who can tell me how to deal with it ?

Other than a brute force attack, with a massive dictionary of potential
strings and something like "john the ripper" or some other such
software, there is no known way. It is possible, if you have a few
thousand years in front of you, but by then, it is generally of little help.

See here for an explanation of the technology used and why that makes it
so difficult for mere mortals :

http://ringlord.com/odfdecrypt.html

Alex

I am constantly thinking "I'll never forget this password".

Only one thing has really worked.

Try KeePass

http://keepass.info/

Hope this helps.

Hi
+1
Losing data is always "gutting".  I feel the pain too and have been there all too often myself.

I would definitely try opening in MS Office just in case that does still work.

Also i would try checking out usb-stick, emails, other machines, maybe back-up folders just to see if there was an unprotected fairly recent version lurking somewhere.  I'm not sure if data-recovery techniques would be worth a try.  If other people have to use the file then maybe one of them has the password written under their keyboard or on a post-it note beside their screen?  Perhaps in the file where hard-copies are kept?  Maybe in a introductory training book for new employees? 
Regards from
Tom

Dear All ,

I Forger My password of the Libreoffice file .
Who can tell me how to deal with it ?

Thanks ... ...

Well, here's a shot in the dark. The .odt fileis simply a container (like a .zipfile). Use a program like 7-zip (confirmed to work) and extract the content.xml file. It won't be clean, but you may be able to:

1) copy the content.xml into a new.odt file without password protection, or...
2) just open the content.xml file directly in LO. You'll have a lot of xml data in there...so its quite messy.

Well, here's a shot in the dark. The .odt fileis simply a container (like a .zipfile). Use a program like 7-zip (confirmed to work) and extract the content.xml file. It won't be clean, but you may be able to:

1) copy the content.xml into a new.odt file without password protection, or...
2) just open the content.xml file directly in LO. You'll have a lot of xml data in there...so its quite messy.

>ZP>

Disregard my last message. You can open the .odt file in 7-zip, or Gnome Archive Manager, or whatever...unfortunately, the content.xml is scrambled after password protection. My apologies for the misdirection.

Hi :
It's ok.  It's nice to hear ideas to try.  Even a wrong answer might help someone else or "by bouncing ideas off each other" we might arrive at the best answers.

I was fairly sure your method would work but hadn't got around to trying it out so thanks for doing that and getting back to the list with the results.  I think Alex had already said that method wouldn't work but i "never believe anything until it's been denied by a government minister" (i am not sure where that quote is from)
Regards from
Tom

LibO 3.4.5 and lower can write files whose password protection relies on
Blowfish;
LibO 3.4.4 and lower can read files whose password protection relies on
Blowfish;
LibO 3.4.5 and higher can read files whose password protection relies on
AES-256;
LibO 3.5.0 and higher can write files whose password protection relies
on AES-256;

The Crypto++ library contains routines for encrypting/decrypting
blowfish, AES-256, and other algorithms for ciphers.

In 2001, four or five firms, worldwide, offered commercial OOo password
recovery services.

One of the firms frankly admitted that they used brute force. The setup
fee paid for the computers used for the "attack". The monthly fee
covered the utility bills that the "attack" generated. FWIW, this firm
now appears to be out of business.

http://openoffice-password-recovery.en.softonic.com/ offers a tool that
they claim:
« OpenOffice Password Recovery is a software program to restore any
forgotten passwords from any document created with Open Office. This
tool supports all Open Office applications including OpenOffice Calc,
Impress, Math, Writer and Draw.
OpenOffice Password Recovery also features protection removal so you can
get rid of the read-only restriction used for protection with some files. »

http://openoffice-password-recovery.sharewarejunction.com/ offers an OOo
extension for US$79.00 that allegedly recovers passwords from OOo
documents.

Those tools might work, but I have my doubts. Whilst there are known
attacks that result in determining the password faster than using brute
force, those attacks require at least a century to complete, using
Beowulf Clusters that are currently commercially available.

jonathon

To be honest - WRITE the passwords down somewhere safe.
OR use a set of passwords and only that set so you just have to try the
one at a time.

I use about a dozen passwords. If I need to create one that is not part
of my set of passwords, I write it down on a card and stick it in a
"safe place". That way if I do not remember what it is, I just pull out
the "cards" and find the document name and read the password written
there. I know a lot of businesses that use a locked desk drawer to hold
things like door access codes and passwords.

Alternately, one can use a password manager to keep track your
passwords. A good manager will allow you tailor and save unique
passwords for each site of effectively unlimited length.

Yes, that works, unless you system does a crash/burn and for some reason
you cannot get all of your "files and data" off your backups. Oooops,
sorry you forgot to backup that file somehow.

I am rebuilding a desktop back after the primary drive failed and I did
not have 1 to 2 weeks of work on the backups, and "certain" config files
were missed in the backup "process". The drive died the day I was
scheduled to backup the work for that week or so. Now I have a new
drive, double the size, but still working on getting all of those bits
and pieces of packages and utility configuration back to where it should be.

So a password manager can work fine, if you are on the system where it
is stored and you somehow do not loose it in a crash and burn of a disc
drive. Writing it down on paper and securing it somewhere safe will not
depend on proper backups and sharing the password management "system"
between several computers you might use - i.e. desktop and laptop, and
maybe a tablet. Paper is also not software dependent if you run
Windows, Linux, and Android systems. I do.

This is diverging slightly off the original topic, but I felt compelled to respond. Depending upon your security concerns, a variety of tools will allow you to sync and backup password databases to a variety of systems (windows, linux, mac, android, etc.). Here are just a few:

Secure Password Tools:

1. Keepass. I can't live without it. Store windows registration codes, software registration codes (Adobe, etc), passwords, anything you can think of. Linux (KeepassX, Keepass 2.0), Windows (Keepass 1.0, Keepass 2.0), Android and iPhone/iPad software available. Generate crazy long passwords if you must.

2. TrueCrypt. Set up a truecrypt container (file folder) and put your file passwords in a plain text document. Put the truecrypt container on a USB key and carry it around with you. Inefficient, but doable.

3. Lastpass. See below.

Sync Tools:

1. Dropbox. I use Dropbox to maintain specific Keepass databases synced on all computers, tablets, phones. You can argue the security concerns, but the convenience outweighs them. Use your database wisely, set up multiple authentication rules, and use it for non-critical password items if you must. You can use multiple databases as you wish...for example, non-critical passwords in a specific Keypass database synced on Dropbox called 'LibreOffice Files'.

2. Lastpass. Very convenient, and I just started using it. Its strength mostly lies in web passwords, but you can add anything you want, to include LO document passwords, readily accessible online. I DO NOT use it for critical, personal information.

3. BitTorrent Sync. Personally, my new fave. It allows syncing of any folder across your network. No communication outside your LAN, unless you specifically set it up. Use Keypass, Truecrypt, whatever. More of a syncing tool, but you can set up rules to act like a backup system to a specific computer/drive. Much easier to use than any Windows/Linux backup solution tbh.

Old school paper files are effective, until your house burns down...so the argument works both ways. Personally, given the proliferation of tools/devices we use, I need password capability across all devices. All of my passwords are Keepass generated (25+ characters and symbols) and writing them all down is simply not an option. Plus I set reminders to change passwords every month or so, within Keypass.

Give them a try, I think you'll find the tools listed above are useful and productive...just take extra care protecting where and how you store these files, that's all.

And this is precisely why backups should always be *automated*.

Which one should also test on a regular basis, at least I know I should but I don't, at least not often enough.

Werner