This article is absolutely pointless. Yes, it's possible to remove "read only" marks from "protected" office document in no time but simply because without "open" password the contents of document is fully accessible and you don't even need any special program to edit XML file within ZIP file (which is in fact DOCX document's internal structure is) removing "read only" tag.
But if "password to open" is set the only way to break the protection is to get original password. And once it's complex enough (anybody around still using "password" as password? Really?) there no chances to crack it even with cloud of GPUs. I'm honestly have no idea how quote "At the moment, cloud computing facilities are capable of unlocking as many as ca. 80% of the files saved in the Office 2007–2010 format." got into wiki (linked by topic starter) but it's at least misleading.
Office 2007 using 50000xSHA1 iterations for key derivation and AES for encryption. Office 2010 using 100000xSHA1 (and making possible to use 128/192/256-bit AES keys). Office 2013 using 100000xSHA512 iterations (and still AES). What this means? Simple. You can brute-force about 40K passwords per second (
http://golubev.com/gpuest.htm) with AMD 7970 for Office 2007 document and only about 1100 p/s with the same GPU for Office 2013 one (measured with
http://passwordrecoverytools.com/office-password.asp). The difference is only
36x which means that adding one symbol (from smalls+digits charset) to password for Office 2007 making it "the same" in "crackable" terms as Office 2013 password. There no backdoors there -- brute-forcing the password (even with some smart mutations/dictionary based attacks) is the only option.
Or, in other words, weak password will be cracked no matter what version of Office you've used while even Office 2007 protection is enough if your password is really good. Office versions prior to 2007 is different story and you should not use them at all. Actually saving document with Office 2013 in "Office 97-2000 compatible" mode with password effectively means you're saving document with protection which will be cracked in seconds with rainbow tables.
Anyway, you can use RAR 3.x-5.x or 7zip archives for the same purpose. Protection there is as strong as password you've choose. No backdoors there and brute-forcing speed is really low too.
Another thing is that if you're using system without full disk encryption it's possible to find encryption keys used with Office 2013 document within swap file or hibernate image and get access to protected document. If somebody got access to your computer. Actually it's simply possible to undelete the file which was extracted from protected archive/document to temporary file. Also during editing process Office can save temporary files anywhere it wants, no guarantee at all.
So if you're paranoid enough you will be using full disk encryption (TrueCrypt is obvious choice). Of course back up-ing all important information on (several, independent) external HDD/DVD-RWs as encrypted volumes (also TrueCrypt here is obvious choice).
Office 2013 uses AES 256 with 100,000 spins of PBKDF2 using SHA-256
Actually it doesn't use PBKDF2 -- it simply reapplying SHA512 in a way like:
for (iteration=0; iteration<100000; iteration++) hash = SHA512(iteration # + hash)
but everything else is quite right
.
