mdw security

"kai" <ka******@earthlink.net> wrote in message news:<%E*****************@newsread2.news.atl.earth link.net>...

Hi,
I created user-level security for my database. I found several software
can crack my mdw file. If without my mdw file, can some one still crack the
database?

Most of the password 'cracker' programs I've seen for Access, Excel,
etc. rely on the fact that most of us use relatively short passwords
and/or passwords created from common words. The first type of
password is vulnerable to a brute force approach in which every
possible combination of 1-n letters and numbers is tried where n is
the number of characters in your password and the second is vulnerable
to a slightly more sophisticated approach where the cracker program
uses a dictionary of words or word fragments to try to guess your
password. If you make your password long enough, mix numbers and
letters, and make the combination of letters and numbers sufficiently
random (i.e., not a meaningful word) those cracker programs could be
occupied for weeks or months trying to figure out your password on the
fastest PC.

Bruce

> Most of the password 'cracker' programs I've seen for Access, Excel,

etc. rely on the fact that most of us use relatively short passwords
and/or passwords created from common words. The first type of
password is vulnerable to a brute force approach in which every
possible combination of 1-n letters and numbers is tried where n is
the number of characters in your password and the second is vulnerable
to a slightly more sophisticated approach where the cracker program
uses a dictionary of words or word fragments to try to guess your
password. If you make your password long enough, mix numbers and
letters, and make the combination of letters and numbers sufficiently
random (i.e., not a meaningful word) those cracker programs could be
occupied for weeks or months trying to figure out your password on the
fastest PC.

Bruce

I've came across a software that can reveal the actual password in MDW
within seconds...

Bruce wrote:

"kai" <ka******@earthlink.net> wrote in message news:<%E*****************@newsread2.news.atl.earth link.net>...

Hi,
I created user-level security for my database. I found several software
can crack my mdw file. If without my mdw file, can some one still crack the
database?

Most of the password 'cracker' programs I've seen for Access, Excel,
etc. rely on the fact that most of us use relatively short passwords
and/or passwords created from common words. The first type of
password is vulnerable to a brute force approach in which every
possible combination of 1-n letters and numbers is tried where n is
the number of characters in your password and the second is vulnerable
to a slightly more sophisticated approach where the cracker program
uses a dictionary of words or word fragments to try to guess your
password. If you make your password long enough, mix numbers and
letters, and make the combination of letters and numbers sufficiently
random (i.e., not a meaningful word) those cracker programs could be
occupied for weeks or months trying to figure out your password on the
fastest PC.

Not true at all. This is general advice which is hardly applicable to
Access, where the security is poorly implemented and removable without
any brute force attack.

"Peter Miller" <pm*****@pksolutions.com> wrote...

This is general advice which is hardly applicable to
Access, where the security is poorly implemented
and removable without any brute force attack.

There are also techniques that allow security to simply be ignored for a
bit, leaving no indication to a database owner that someone was
tampering....
--
MichKa [MS]
NLS Collation/Locale/Keyboard Technical Lead
Globalization Infrastructure and Font Technologies
Windows International Division

This posting is provided "AS IS" with
no warranties, and confers no rights.

Michael (michka) Kaplan [MS] wrote:

"Peter Miller" <pm*****@pksolutions.com> wrote...

This is general advice which is hardly applicable to
Access, where the security is poorly implemented
and removable without any brute force attack.

There are also techniques that allow security to simply be ignored for a
bit, leaving no indication to a database owner that someone was
tampering....

I'm getting in on this late, but here is my 2cents too.

I bought a cracker from a place called passwordtools.com just to test it
out and see how well these things worked. It worked admirably on my
test files, even for non-trivial passwords.

According to Ad-Aware, it also installed a keylogger on my machine.
Whether Ad-Aware was correct or not, I cannot say but I can tell you
their software is no longer resident on my machine.
--
To Email Me, ROT13 My Shown Email Address