Home | Word password info
Common password types
Word and Excel use several types of password for securing the files depending on what is actually being protected. The approaches to recover or bypass these passwords vary, as do the complexity of each password.
File open password
This is the most secure as well as commonly used password type in Word or Excel. This password protects a document from being opened without the correct password.
You can use between 1 and 15 characters, including special characters and national character sets (since the password uses Unicode). Office 97 through to XP use relatively secure 40 bit RC4 encryption. Office XP offers a number of other cryptographic techniques. Office 95 and earlier versions use a very weak encryption method, as does the French version.
The default protection for Office 97 onwards works by converting the entered password into an MD5 hash, and using this as a key to encrypt the document using the secure RC4 algorithm. The RC4 encryption algorithm strength is 40 bit, to comply with the previous US export standards. A standard header is encrypted which helps with recovery.
For Office 95 and earlier, the password is simply XOR’ed with the contents of the document. This version is no longer in common use, so we won’t discuss this further. However, software is available that will recover the password instantly.
Two approaches to recovering a document protected with a file open password are available:
Software that offers only brute force and dictionary recovery approaches is not effective for most file open passwords. They have been found to work less than 20% of the time. This is because most people are smart enough to use strong and long passwords that may have special characters, not dictionary words.
There are a large number of possible characters to use in a search:
Total standard characters = 94 (does not include non printing characters, or national characters). This means that every character of the password has at least 94 possible combinations. This means that for an 8 character password, the number of characters to test is:
94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 = 6090 000 000 000 000
At a rate of 100,000 passwords per second, this would take 1,932 years! Also, the passwords can be up to 15 characters long, which means that trying all possible passwords could take millions of years.
Key recovery uses the fact that there are fewer possible encryption keys than passwords. Using a powerful computer, or a cluster of computers, it is possible to try all the possible encryption keys in a reasonable time. This is the best approach if initial brute force work is unsuccessful.
Other password types
The other common type of Word passwords is the write protect password. Whilst this can be bypassed by simply saving the file under another name, it can also be recovered.
VBA passwords can be used in Word documents, but are relatively uncommon. VBA passwords protect macros against viewing or modification.
Software is available that will readily find the original write protect password. Since this type of password is not as secure as the file open password, the recovery process is very quick.
Special VBA password software is required to remove VBA passwords.