How to Open Encrypted Word Files
Password protection in Microsoft Word
There are several password protection options in Word:
- Password to Open
- Password to Modify
- Workbook password
- VBA macros protection
None of them, except for “Password to Open”, encrypt data. They only impose access restrictions. Data can still be viewed, printed, processed by macros but cannot be edited. However it is possible to instantly find, replace or remove this type of “restrictive” passwords from a Word file of any version.
Pic. 1. MS Word password recovery programs instantly find passwords of simple protection
A “Password to Open” is a totally different story.
Using this password special (hashing) algorithms calculate the encryption key which enables other (encryption) algorithms to encrypt all the data in a doc/docx file. Without knowing the password (or… spoiler alert! ;) ... the key) it is impossible to view any data from an encrypted Word file.
Now what if the open file password got lost? Your weapon of choice will depend on the Microsoft Office format the file was saved in.
Removing open file password from Microsoft Word file
There are three Word format alternatives each one featuring different potential for password removal:
- Microsoft Word 6/95 – Password to Open can be found instantly
- Microsoft Word 97-2003 (40bit) – rather than searching for the password it is easier to find the encryption key and decrypt a file without knowing the password
- Microsoft Word 2007-2016 – brute force attack is the only option and the search rate can be increased by GPU-acceleration on AMD/NVIDIA graphics cards
“Password to open” in Word 6-95 files
This is an obsolete format and it’s getting more and more rare. In the case of this file format the security of data is based on a primitive protection algorithm which makes it easy to instantly recover passwords. Neither length nor complexity of a password will pose any problem for a password recovery tool.
Pic. 2. A basic level password cracker would be sufficient to crack a password-protected Word 6-95 file
“Password to open” in Word 97-2003 (40-bit) files
Perhaps the most commonly used format today with its own shortcomings in data security.
The file format uses a very short encryption key. So rather than trying to find the password you just need to find the key which guarantees 100% successful decryption of data. After all no matter how long or complicated a password may be the number of key combinations does not change - it is always equal to 240 (40 bit, you do remember, don’t you?). And God only knows how many password checks it might take…
Pic. 3. Searching for encryption key does not require any settings – just select the file and start the search
Speaking about how easily and smoothly 40-bit Word 97-2003 files (Excel too!) are decrypted one can’t but mention rainbow tables.
Rainbow tables contain precomputed chains of encryption keys which by times accelerates the search of the right key with almost no decrease in success rate. Rainbow tables underpin some online services that open encrypted Word files.
Pic. 4. The use of rainbow tables at AccessBack.com
“Password to open” in Word 2007-2013 files
This file format is gaining popularity and along with brings the era of fast decryption of Word files to an end. What we have to do is to recover the password that is try to find a valid one by sorting through a number of combinations and verify them one by one hoping for successful result within reasonable timeframe.
Pre-conditions for successful recovery of “Password to Open” in Word 2007-2016 files:
- Customization of verification range. Cutting unnecessary arrays of passwords off will help you save a huge amount of time. Range customization tools include the following: brute-force attack with extended mask and password mutation using dictionary attack. Password mutation enables to cover all the variants obtained as a result of a word transformation while an extended mask defines a list of possible characters for each position in the generated password;
- GPU acceleration on NVIDIA/AMD graphics cards. Cracking passwords is a perfectly scalable task that modern GPU’s can handle. The more powerful graphics cards you use the higher computation speed and success rate you achieve;
- Password recovery software tweaked to enable high-speed performance. The tweak makes verification process dozens of times faster. Therefore the speed of verification is one of the most important parameters to be considered while choosing a password cracking program.
Key Points to Remember
Microsoft Word Password Cracking Guidelines: