StarOffice Password protected file Help!

I have a close family friend who's husband has just passed away, Ive been helping her gain access to her husbands laptop ect, he was the accountant for the family business, He used Star office version 8, the problem we have is many of his files are password protected.

I have 2 questions

1) How many attempts can the wife have to try and guess the password before she's locked out of the file?
2) Is there any way to hack/bypass these passwords? (3rd party software, a company ect ect)

I would really appreciate your help as the family's bank manager is visiting on Wednesday to go over the health of the business and many of these important financial files are locked.

Thanks in advance

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
Ok, from the top.

you can try guessing as many times as you like - there is no magic lockout; but there is also no halfway result, either a guess is correct, or it doesn't work (so if you try I_love_cookies but the password was I_Love_Cookies you won't get in)

there is a commercial crack tool, but it isn't instantaneous - in fact, it can take days or weeks to run.

There is also a free tool here:

which is purely a dictionary tool - you have to give it a list of possible passwords, but it is much faster than trying each one in turn by hand.

staroffice files are very secure indeed. At the base, they are zipfiles - so you can open them using any zip file tool ( being my usual choice)

inside, you will find a manifest (xml file in a subdir called META-INF) which you can edit with notepad. this gives details of what is stored where inside the zipfile, and if it is encrypted, what the checksum of the password is.

here is a typical entry:

 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="2939">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="vsANgJ9HW/9Z0tfHwvzX1HOROGs=">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="yOxT+y66yJg="/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="qdlQxndpRh0cANpXCVhjXw=="/>

note this specifies that the encryption is blowfish (only supported algo), and the hash is SHA1 (only supported hash). Blowfish is uncrackable. no, really, there isn't a hope of breaking it unless you can guess the password.

the hash is the clue - it will let you test if you got a guess right or wrong, without having to try each password in turn in the package. This is how the crackers work - they try every possible password (either from a list you supply, or by starting at aaaaa and working their way towards z) and test the answer against the hash. if the hash says they got it right, they can then try decrypting the actual document.

however, this is called a brute force attack - trying many passwords until you find one that works - and it can take a fairly long time to do, even on a modern computer.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
D_McleanAuthor Commented:
Thats excellent info Dave exactly what I need, ive certainly got enough to be going on with that lot.

Thanks very much

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.