How secure is LibreOffice when using password protect?

First off, I’m just an “average” home user, so I don’t know too much - take it easy on me.

I can’t find any information about password protecting calc and/or LO text documents. I’m assuming you can, but are they encrypted securely? I don’t simply want the ability to set a password if they can be easily cracked. Also, I’m talking about password protecting specific documents/spreadsheets not the office suit itself - don’t care to do that.

Stuff you don’t need to read:
My computer was recently stolen. On that computer I have almost most of my website passwords in a password protected MS Excel spreadsheet (don’t worry, sensitive website passwords like banks,, hosting, etc… where put in the spreadsheet in a way only I would understand).

I now have purchased a new computer, but my Office 2010 will not activate. It says I have activated too many times, or some mumbo jumbo; I’m thinking about switching over to either LibreOffice or OpenOffice.

1 Like

Stop saving passwords in spreadsheets! To store passwords use ‘password manager’ program like Keepass: - you set one master password and then save all other passwords. For really secure password let password manager to create a password and then you copy/paste password each time you need to open a file. — If your PC got stolen, then CHANGE all passwords. You never know how many resources and time user has to crack a password.

There is no security in saving any password in LibreOffice. It can easily be removed by editing the content.xml file.

@gacb, how do I downvote your comment? (If only I could) It seems completely and utterly wrong, so long as the person password-protected their LibreOffice document.

1 Like

The algorithm(s) used for the OpenDocument Format are very secure.

blowfish and AES (used by default since LibreOffice 3.5) are both secure. There is no known vulnerability. In other words: the only way to decrypt the document is to supply the correct password.

Links fixed. Links with brackets evidently need to be left verbatim under AskBot.

Interesting recent discussion on the users mailing list:

Subject: How to crack a PW in LO?

start here:

Conclusion: do not lose the password if you decide to protect a document in ODF format.

“…do not lose the password if you decide to protect a document in ODF format.” - You are absolutely right about this, Jean-Baptist!!! I only lost a password for an EXCEL file… troubles!!!

I initiated the thread "How to crack a PW in LO?# mentioned in the answer of Jean-Baptiste Faure. However I am not yet sure how secured LibO files are. It seems to me that there is no encryption, thus brute force attack can be successful if there is enough time to attack the password.

I am using RightNote from
It has a 128-bit encryption and 2 passwords. 128-bit is, as far as I know, currently the industry standard. I added a Calc file into a RightNote file. Works fine and is fast.

Another alternative is an information containing file in a winzip archive with an 256 bit encryption. However, as far as I remember each opening of the winzip archive creates an unprotected copy of the information containing files in the Temp folder.

Re: “there is no encryption,” encryption of docs is only as strong as the provided password. If we use AES-256 internally but use ‘dog’ as the password, we can brute-force the pass trivially. If we use DogsE@tTh1ngsOnTh3Ground as the password, it will be nigh impossible to brute-force it.

In the meantime I cracked the password protected EXCEL file with a small freeware application in less than 5 min, which I found in the Internet. So far I have not found yet a SW which cracks a LibO file.

I general I can say, that security is never 100%. Each password can be cracked if there is enough computing power and speed. Security is never 100 % but with 128 of 256 bit encryption one can achieve a very high security.

1 Like

How did you crack the Excel file? Brute-force or some other way? If password is very simple, then brute-force is easy and has nothing to do with strong-weak protected file.

@froz - this is the tool I used (99%)

Free Word / Excel Password Recovery Wizard 2.1.11

Free Word / Excel Password Recovery Wizard offers the same functionality
and performance as expensive commercial Word password / Excel password software,
but is a completely free !
Make sure that you are using the latest version of this software.
All updates are available from:

Free Password Recovery Software
Copyright @ 2003-2012

sorry for the strange format - I just copied and pasted.

1 Like

On web page: “It works by trying words from a large dictionary (included with the download) against the file…” This is classical brute force attack: There is no software safe against brute force attack, not even LibreOffice. The only somehow good protection is using long and complex passwords that are not in dictionary of most used passwords and need to be tested one after another - this can take several days, weeks, months to get them cracked.

(continue) So there is only the resources (and time witch is also a resource) and a will that is needed to crack a password. Some government agencies have a lot of computer power, so protecting against them is almost impossible. As referred by @cloph in this thread, LibreOffice is using strong algorithm. This means that the only real crack of password is brute force attack. On the other hand if there is weak algorithm used for encrypt data, there can be significantly less password try and match

(continue) then using brute force attack. Any algorithm to decrypt data that can get to the correct password in less then brute force attack is by cryptology standards taken as broken = weak algorithm. Conclusion: LibreOffice is using strong algorithm, so the only known way to brake a password is using brute force attack. The safety of password protection algorithm is entirely dependent on using strong passwords and of course protecting the file not to get into the hands of non-authorized person

(continue) I suggest to use some password manager programs like Keepass: or PasswordSafe (Windows only): to generate safe passwords and then copy/paste password into LibreOffice program to encrypt/decrypt. It all depends how protected the file should be. But there can be several other weaknesses in the system that lets access to the file to non-authorized person - this is not in the scope of LibreOffice protection: firewall, antivirus…

Also, it’s not a good idea to link to sites that recommend non-free software such as that.

serious encryption loophole:
version on mac os x

Steps to reproduce:

  1. Create a document.
  2. Type something in 24 font or bigger.
  3. Save it in .odt format with password protection.
  4. Close the document and quit libreOffice.
  5. Re-open LO. The start center shows a preview thumbnail of the document that was saved as encrypted.
  6. Panic!!!
  7. Click on this icon to be prompted for the password as expected.
    (but that wall doesn’t matter cause your adversary has already seen the image of the secret file.)

this bug has now been fixed as far as I can tell using

moral of the story: using encryption is worthless if LO is saving a duplicate image somewhere else. Be wary of any software that could have bugs that SAVE UNENCRYPTED IMAGES OF ENCRYPTED FILES because it means your data was not being quarantined properly throughout the editing process. I have not yet looked for proof of this, but there could reasonably be other temp(autosave, clipboard, etc) files holding parts of your data.