Home | Word password info

Common password types

Word and Excel use several types of password for securing the files depending on what is actually being protected. The approaches to recover or bypass these passwords vary, as do the complexity of each password.

File open password

This is the most secure as well as commonly used password type in Word or Excel. This password protects a document from being opened without the correct password.

You can use between 1 and 15 characters, including special characters and national character sets (since the password uses Unicode). Office 97 through to XP use relatively secure 40 bit RC4 encryption. Office XP offers a number of other cryptographic techniques. Office 95 and earlier versions use a very weak encryption method, as does the French version.


The default protection for Office 97 onwards works by converting the entered password into an MD5 hash, and using this as a key to encrypt the document using the secure RC4 algorithm. The RC4 encryption algorithm strength is 40 bit, to comply with the previous US export standards. A standard header is encrypted which helps with recovery.

For Office 95 and earlier, the password is simply XOR’ed with the contents of the document. This version is no longer in common use, so we won’t discuss this further. However, software is available that will recover the password instantly.

Recovery approaches

Two approaches to recovering a document protected with a file open password are available:

  • Brute force – tries a large number of passwords from a dictionary, or tries all possible passwords
  • Key recovery – recovers the encryption key used, and use this to decrypt the file

Software that offers only brute force and dictionary recovery approaches is not effective for most file open passwords. They have been found to work less than 20% of the time. This is because most people are smart enough to use strong and long passwords that may have special characters, not dictionary words.

There are a large number of possible characters to use in a search:

  • A-Z = 26
  • a-z = 26
  • 0 – 9 = 10
  • Special characters (!@# etc) = 32

Total standard characters = 94 (does not include non printing characters, or national characters). This means that every character of the password has at least 94 possible combinations. This means that for an 8 character password, the number of characters to test is:

94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 = 6090 000 000 000 000

At a rate of 100,000 passwords per second, this would take 1,932 years! Also, the passwords can be up to 15 characters long, which means that trying all possible passwords could take millions of years.

Key recovery uses the fact that there are fewer possible encryption keys than passwords. Using a powerful computer, or a cluster of computers, it is possible to try all the possible encryption keys in a reasonable time. This is the best approach if initial brute force work is unsuccessful.

Other password types

The other common type of Word passwords is the write protect password. Whilst this can be bypassed by simply saving the file under another name, it can also be recovered.

VBA passwords can be used in Word documents, but are relatively uncommon. VBA passwords protect macros against viewing or modification.

Recovery approaches

Software is available that will readily find the original write protect password. Since this type of password is not as secure as the file open password, the recovery process is very quick.

Special VBA password software is required to remove VBA passwords.


Terms of Use :: Privacy :: Links