TW forward

Subject: TW forward
From: "Geoff Hart (by way of \"Eric J. Ray\" <ejray -at- raycomm -dot- com>)" <ght -at- MTL -dot- FERIC -dot- CA>
Date: Fri, 20 Nov 1998 07:33:14 -0700

John Lilly is looking for a reasonably foolproof way to protect an
MSWord file from tampering.

John, I've got some bad news for you: As Darwin once said, if you
make something foolproof, Nature will only evolve a better fool.
Bottom line: what you want simply can't be done. If the document can
be read at all (if not, why distribute it?), it can be retyped from
scratch and saved with the same name as the original, and only you'll
know that anything happened. (That's the brute force method;
password crackers and OCR are much more sophisticated. In fact,
Scientific American just published the URL for a web site that does
nothing but provide password crackers for a myriad of applications.
No, I'm not going to repost it here.) Use a checksum and an
application that confirms the checksum? The hacker can use the exact
same application to create and verify the checksum. Ditto for digital
signatures; actually, they're even worse given that the end-user will
never know whether your signature or the hacker's signature is the
one to trust, and the supposed safety of this method makes it less
open to suspicion. About the closest you can come to making the file
tamper-proof is to store it on a read-only medium such as a CD-ROM,
but given that CD burners are cheap and becoming more common, that
won't save you either. How about a ROM chip stuck on a PC-Card or
PCMCIA card? Same problem: if it can be read, it can be copied and
put on another ROM or EPROM. So in short, what you want can't be
done. End of discussion.

That being said, there are lots of ways to get reasonable levels of
security... if you can explain what you consider to be an acceptable
level of security. Also, can you explain why PDF isn't an option for
you? It's free (PDFWriter) or inexpensive (Acrobat Distiller),
and if security is an issue, Acrobat is pretty decent, particularly
if you supplement it with a third-party application. Describing
why someone might want to tamper with the file may give us a clue
about your problem and the likely solution.
--Geoff Hart @8^{)}
geoff-h -at- mtl -dot- feric -dot- ca

"Patience comes to those who wait."--Anon.

From ??? -at- ??? Sun Jan 00 00:00:00 0000=




Previous by Author: Appears vs. displays?
Next by Author: Securing help files?
Previous by Thread: Call for WebRing Participants
Next by Thread: Problems with Digest


What this post helpful? Share it with friends and colleagues:


Sponsored Ads