Several words before


As noted above, Word®/Excel® 97/2000 (and Word®/Excel® XP/2003 in Office 97/2000 Compatible mode, which is the default) encrypt files with the RC4 encryption routine when File open protection is used. The simplest way to break the password is to run brute-force and dictionary attacks; however, these methods work well only on short and simple passwords. If, for example, the password is 10 characters long and contains lowercase letters, capital letters and digits, you obviously will not find it in any dictionary, and for a brute-force attack the software will have to try the following number of possible passwords:

 

(26 + 26 + 10) ^ 10 = 839,299,365,868,340,224

 

Even assuming that modern PCs with 4 processors can test about a million passwords per second, it will still take more than 26614 years to test them all. Well, only 13307 years on average, but that is still too long.

 

This program, AOPB, does not recover the password at all. Because of U.S. crypto export regulations, the key length of the RC4 algorithm used for encrypting the document is only 40 bits, which means that the total number of possible encryption keys is:

 

2 ^ 40 = 1,099,511,627,776

 

So instead of testing all possible passwords, AOPB tests all possible encryption keys. Once the key is found, it decrypts the document, so the password is no longer required to open it. Decryption is still not instant, but the recovery time is very reasonable (usually a few days). Moreover, this method provides a 100% success rate regardless of the password length. For example, if the speed is one million passwords per second, even on an old Pentium 4, the program will work for about 305 hours, or about 13 days, and this is the maximum.
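The comparison above can be generalized to other character sets: the protection a password gives is capped by the 40-bit key, so past a certain length extra characters add nothing. The following is an added example, not part of AOPB or its documentation; the function names are hypothetical, and the rate and key length are the page's figures.

```python
import math

KEY_BITS = 40                       # RC4 key length stated on the page
RATE = 1_000_000                    # candidates tested per second (page's figure)
SECONDS_PER_YEAR = 365 * 24 * 3600

def password_space(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def key_space(key_bits=KEY_BITS):
    """Number of distinct encryption keys."""
    return 2 ** key_bits

def worst_case_seconds(candidates, rate=RATE):
    """Time to try every candidate at a fixed rate."""
    return candidates / rate

def effective_bits(charset_size, length, key_bits=KEY_BITS):
    """Work factor actually protecting the file: the smaller of the
    password search and the key search, in bits."""
    return min(length * math.log2(charset_size), key_bits)

def crossover_length(charset_size, key_bits=KEY_BITS):
    """Shortest password length whose search space exceeds the key space.
    From this length on, a longer password adds no protection."""
    length = 1
    while password_space(charset_size, length) <= key_space(key_bits):
        length += 1
    return length

if __name__ == "__main__":
    pw = password_space(62, 10)     # the page's 10-character example
    print(f"passwords: {pw:,} -> "
          f"{worst_case_seconds(pw) / SECONDS_PER_YEAR:,.0f} years worst case")
    print(f"keys:      {key_space():,} -> "
          f"{worst_case_seconds(key_space()) / 3600:,.0f} hours worst case")
    # Character-set sizes below are sample inputs chosen for this example.
    for name, size in [("digits", 10), ("lowercase", 26),
                       ("letters+digits", 62), ("printable ASCII", 95)]:
        n = crossover_length(size)
        print(f"{name:16} password length stops mattering at {n} characters "
              f"(effective strength capped at {effective_bits(size, n):.0f} bits)")
```
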

 

For Microsoft Word files, AOPB (Enterprise Edition only) can use pre-computed hash tables, which cut the key search time to only several minutes.