Lastbit Software recovers lost or forgotten or passwords since 1997. Password Recovery Solutions online since 1997

Password Recovery
  Most Popular:
Access Password Recovery
Excel Password Recovery
Outlook Password Recovery
Word Password Recovery
WinZip Password Recovery
VBA Password Recovery
SQL Password Recovery
Office 2007-2016 Password Recovery Service

OctoPASS - Distributed Password Recovery System

Act! Password
Quicken Password
QuickBooks Password

...more...

Password Now.com
instant online password recovery service

List of supported file types

 Security
  Multi-User Password Manager
...more...
 Utilities
  Find Password Protected Documents
...more...
 Articles

Effective Password Recovery Solutions - 20 years online!

 

Reviewing Quality of Password Protection: Word and Excel

The first versions of Microsoft Word and Excel encrypted the entire document with password, and the password was not stored in the document. In other words, everything seemed to be carried out just right, if it wasn't for a little controversy: they used a home-made, terribly primitive and insecure encryption algorithm That took place regardless to the fact that cryptography was no longer a sealed science back in the 80s, and there was a secure enough encryption standard DES; other sufficiently reliable algorithms were also widely known. By unknown causes, programmers at Microsoft had decided to reinvent the wheel; however, they have failed: the invented algorithm didn't stand up to any criticism. This allowed not only to decrypt the entire document instantly, but also to recover the password.

There were quite a number of programs that allowed recovering passwords instantly. What's especially funny - one of the authors of such programs has told us that he had intentionally added some delay to his program in order to give users the appearance of complexity of the program, like the program is laboring, working hard, calculates something, so the money must has not been paid in vain. In the reality, the substantial part of the problem was solved by a few dozens of lines of the code, which carried out almost instantly. The same was true for Excel.

Such disgrace had continued up to 1997, when the new Office 97 has adopted sane cryptography. Well, sane but not exactly. At that time, USA had serious legal restrictions for exporting software that uses secure encryption algorithms. Only 40-bit cryptography was allowed for exporting; attempting to export anything securer could cause major problems. Microsoft had apparently decided to not produce separate editions for the internal market and for the world and ended up with the 40-bit security. However, they had to have made one special edition anyway: in France, strong cryptography is still under a ban. Therefore, in the French version of the office suite the old weak encryption remained, even until now.

It is worthy of mentioning that 40-bit encryption in Word and Excel 97 was implemented by quite a complicated and knotty scheme. Released in the beginning of 1998, Lastbit Word Password (and Excel Password) happened to be the first application that allowed recovering forgotten passwords for Word and Excel 97 by searching characters and using dictionary attack. Although the most resource consuming part of it had been written in Assembler and optimized for reaching the highest possible speed, nevertheless, long and complex passwords remained unbroken. In the beginning of 1999, an application for the guaranteed removal of passwords was released. The idea of the application was in the point that 40-bit encryption assumed the availability of about a trillion of keys; it was realistic to search them all within a reasonable time span by employing several computers for that. In the beginning, it required us 10 days to ensure the guaranteed opening of a password-protected document. Further on, thanks to optimization of the algorithm and building up the computing power, that span has been cut to 24 hours. In 2004, Lastbit released Express Recovery, and it took just two months of calculations to build a table of over 2 terabytes (for that time that was a very meaningful size), which made it possible to open any document within just a couple of minutes. Both of these methods suffered from the same disadvantage: although they made it possible to open the document, the password still remained unknown. Moreover, if user had many password-protected documents, each of them had to be "cracked" individually (even if they all were protected with the same password). In 2008, Lastbit created Original Password Recovery - the service enabled users to not only open any password-protected document quickly, but to recover the password too. Thus, 40-bit encryption, implemented originally in Office 97 appeared to have been defeated completely.

Password protection in Office 2000 hasn't endured any changes. A breakthrough occurred in the XP edition: now there was a magic button with Advanced Encryption Options with the most frightful thing hidden behind - user had to configure password protection parameters on his own. It is clear enough that all user needs is the possibility to set a password (if he needs that) and to be confident that nobody would open his document without that password. That's it. Period. User doesn't need to know how it works on the inside, which key length and which encryption algorithm precisely is used. In the case with Office XP, they have overloaded user with information that's absolutely redundant and unclear to him. As the result, the situation with the protection has improved just slightly.

  1. By default, Office XP uses the old protection scheme. The majority of users either don't know about the new features or, having glanced at a monstrous window with a pile of unclear options, simply decline using the new features.
  2. Even if user has selected the strongest encryption, the implementation has an error that allows viewing the content of the document partially even without the password.
  3. Due to peculiarities of using MS CryptoAPI, it is possible to get a document encrypted on one computer failing to open on other computers, even though the password supplied is correct; moreover, user gets an error message telling that the password is incorrect. Thus, using the new features could lead to additional problems.

And finally, a true Miracle happened in 2007: Microsoft has released good protection built upon the AES algorithm. Moreover, Office 2007/2010 uses a special technique, which makes picking a password using exhaustive search significantly harder. Searching passwords for Word and Excel 2007/2010 requires the essential input of computing power. That practically means that even relatively short passwords involve serious difficulty for cracking. Word Password and Excel Password offer taking advantage if cloud computing, where user can rent the computing power for cracking his password. Worth noticing is that the payment is due only upon the success. That, perhaps, is the only realistic chance for a user without essential computing power to recover his lost Office 2007/2010 password.

It must be told that both Word and even more so Excel have many different types of passwords, not only the password to open; for example, password to modify document or password to protect an individual sheet in an Excel document. All these types of passwords are implemented incompetently even in Office 2007/2010; they can be cracked instantly and do not provide any security whatsoever.

 

< Previous Page  |   Continue to the next page >

Pages: 1 2 3 4 5 6 7

 

 


Home  ///   Download  ///   Order  ///   Site Map  ///   Terms of Use  ///   Privacy Policy

Copyright © 1997-2024 LastBit.com. All rights reserved.