Foreword

Word®/Excel® 97/2000 used the RC4 encryption algorithm with a 40-bit key to encrypt documents. While the easiest way to break the password is running a combination of brute-force and dictionary attacks, these methods work only on short and simple passwords. Longer passwords take considerably more time to break. For example, a 10-character password containing small letters, capital letters and digits has the following number of possible combinations:

(26 + 26 + 10) ^ 10 = 839,299,365,868,340,224

AOPR does not attack the passwords if it detects 40-bit encryption. Instead, it targets the RC4 40-bit keys, which only have the following number of possible combinations:

2 ^ 40 = 1,099,511,627,776

Instead of trying all possible passwords, AOPR tries all possible encryption keys. Once the key is found, it decrypts the document, so the password is no longer required. The attack is not instant, but the recovery time is very reasonable (usually, a matter of hours on a modern CPU). Moreover, this method provides 100% success rate regardless the password length.

The Forensic Edition can use pre-computed hash tables that reduce the key search time from hours to several minutes.

Get more information about Advanced Office Password Recovery
Get full version of Advanced Office Password Recovery

© 2021 ElcomSoft Co.Ltd.