Freigeben über

Encryption for Password Protected Sections

  • Artikel

I just saw this question on an internal mailing list so I thought I would pass it on to the blogging community. The question was:

    What underlying security technology is used to protect OneNote content with passwords?

Well the answer is:

OneNote uses 3DES encryption, with 192 bit key length. We do encrypt all the content that you enter into the page, so once protected there is no way for someone to read it without knowing (or guessing) the password.

What that means is the longer the password and the more complex the better. It takes some time but people can still brute force an attack on your files by guessing your password. Note that you cannot unlock password protected sections via the OneNote 2007 API. You just can't get to it unless the user opens OneNote and unlocks the password (even then they can still lock out API apps from getting encrypted content).

Comments

  • Anonymous
    November 27, 2006
    Is triple DES used in the 2003 version of OneNote as well? Any thoughts to go to AES?  Or is it possible to "plug-in" other encryption schemes?

  • Anonymous
    November 27, 2006
    For the current versions you cannot 'plug-in' other encryption schemes though that is a pretty cool idea.  However I can see lots of errors if we aren't careful. AES is something we are interested in using but that will be a future consideration, maybe you will see it in O14.  Thanks for the feedback!

  • Anonymous
    September 05, 2012
    Is 3DES still used in OneNote 2007/2010?

  • Anonymous
    December 08, 2013
    Excellent write-up!!!  I second another commenter's question, though... does Onenote 2010/13 still use 3DES encryption with 192-bit key length?

  • Anonymous
    July 08, 2014
    I would also like to know if 2013 uses 3DES or some other scheme

  • Anonymous
    April 22, 2015
    Same here, any updates on what OneNote 2013 uses?

  • Anonymous
    November 14, 2015
    AES is the default for Office 2013, maybe earlier -- technet.microsoft.com/.../cc179125(v=office.15)

  • Anonymous
    December 16, 2015
    Any special considerations file file attachments - is that data encrypted if a section has a password?  Also is the encryption applied to any secondary location of onenote data, like the cache and backups. Thanks