Welcome to MSDN Blogs Sign in | Join | Help

Encryption for Password Protected Sections

I just saw this question on an internal mailing list so I thought I would pass it on to the blogging community. The question was:

    What underlying security technology is used to protect OneNote content with passwords?

Well the answer is:

OneNote uses 3DES encryption, with 192 bit key length. We do encrypt all the content that you enter into the page, so once protected there is no way for someone to read it without knowing (or guessing) the password.

What that means is the longer the password and the more complex the better. It takes some time but people can still brute force an attack on your files by guessing your password. Note that you cannot unlock password protected sections via the OneNote 2007 API. You just can't get to it unless the user opens OneNote and unlocks the password (even then they can still lock out API apps from getting encrypted content).

Published Thursday, November 09, 2006 7:57 PM by descapa

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Encryption for Password Protected Sections

Is triple DES used in the 2003 version of OneNote as well?

Any thoughts to go to AES?  Or is it possible to "plug-in" other encryption schemes?

Monday, November 27, 2006 12:55 PM by Ray

# re: Encryption for Password Protected Sections

For the current versions you cannot 'plug-in' other encryption schemes though that is a pretty cool idea.  However I can see lots of errors if we aren't careful.

AES is something we are interested in using but that will be a future consideration, maybe you will see it in O14.  Thanks for the feedback!

Monday, November 27, 2006 1:13 PM by descapa

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker