Rainbow attack

With the Enterprise version of AOPB, you can speed-up the decryption of all Word (and most Excel) documents by enabling Use pre-computed hash tables option. Press Browse button at the right and select the folder where the tables are located (separately for Word and Excel). For Word, the folder should contain the following subfolders/files:

0\t00_l17000.data

0\t00_l17000.index

1\t01_l17000.data

1\t01_l17000.index

2\t02_l17000.data

2\t02_l17000.index

3\t03_l17000.data

3\t03_l17000.index

4\t04_l17000.data

4\t04_l17000.index

5\t05_l17000.data

5\t05_l17000.index

missing.bin

And the list of Excel subfolders/files is:

0x62\0\t00_l12500.data

0x62\0\t00_l12500.index

0x62\1\t01_l12500.data

0x62\1\t01_l12500.index

0x62\2\t02_l12500.data

0x62\2\t02_l12500.index

0x66\0\t00_l12500.data

0x66\0\t00_l12500.index

0x66\1\t01_l12500.data

0x66\1\t01_l12500.index

0x66\2\t02_l12500.data

0x66\2\t02_l12500.index

It is NOT recommended to use the tables directly from DVD (shipped with the Enterprise version) because of very slow DVD drive performance. You can copy the DVD contents to the hard drive, or even better, to USB flash drive. USB flash drives have relatively low performance when reading files, but much better (than hard drive) random seek time, while this parameter is the most important for this attack.

With hash tables on hard drive, this attack takes from 10 to 30 minutes to complete; on USB flash drives – from just a few seconds and up to 10-15 minutes (worst case). Tthis option also provides guaranteed recovery for Word files, and about 97% decryption probability for Excel files.

With Use deep length analysis option, you can control the way how Excel files are processed. The problem with Excel is: not all the files contain predictable daya (needed for this method of decryption), and the program have to guess some parameters. In most cases, only one or two stages (up to several minutes each) are required to find the correct encryption keys, but there's a chance that the parameters have been selected incorrectly, and some more stages (up to two dozen) are needed, with the other parameters set; the complete process can take an hour or two. So that option instructs the program what to do if the key has not been found at the first/default stages; select Yes to always perform further attacks with the other parameters; Always ask to make the choice only when the first stages will be completed; or No otherwise.

Please note that if the key will not be found using pre-computed Excel tables, you can still decrypt the file by temporary disabling this option, and performing the full key search (which takes about three days).