Microsoft Word and Excel password protection

The Microsoft Word and Excel password protection was first introduced in the earliest versions of the applications, but since then was gradually improved to become a serious obstacle to hackers who might try to gain access to confidential information stored in Excel spreadsheets and Word documents. The only password type which exploited the protection algorithms that were progressively enhanced by Microsoft is password required to open Excel/Word file. Other password types are deemed to be created for easy-to-use shared work on documents, since little improvement in protection algorithms was done by Microsoft in each subsequent version of Microsoft Office, and to this day all password types other than password to open file poses no difficulty to a potential trespasser.

Word and Excel 95 exploited the 32-bit key protection algorithm, that was later enhanced up to 40 bits in Excel 97 and further versions, until a 128-bit key powerful AES protection algorithm started being used in Office 2007, so Word and Excel password recovery became much more complex, though it can be still challenged by modern password cracking software and online services. Cloud computing password recovery services currently prove to be the most effective.^[1]

Types

All Microsoft Office applications offer several types of password that can be set to a document. These passwords can be divided into 2 groups depending on whether they encrypt a password-protected document or not.

Passwords that do not encrypt a password-protected document are mostly different for each of Microsoft Office applications:

• In Microsoft Word, they comprise password to modify a document and password to restrict formatting and editing a document.^[2]
• In Microsoft Excel, they are password to modify a document, password to protect a worksheet, password to protect workbook and password to protect shared workbook.^[3]
• In Microsoft PowerPoint, it is password to modify a document.^[4]

These password types are widely believed to be created for Microsoft Office document sharing rather than preventing other people from getting access to secret data the document may contain.^[5] Because of the lack of document encryption, all the passwords mentioned above can not reliably protect a document from a trespasser. Most password-cracking software can remove such protection from a password-protected document in almost no time.

The only password that encrypts a document is password to open a document. It is enabled to set this type of password in all Microsoft Office applications. If a user fails to enter a correct password to the field which appears after an attempt to open a password-protected document, viewing and editing the document becomes unavailable. Due to encryption of a document protected by a password to open, a trespasser needs to decrypt the document to get access to its contents. To hamper Office document decryption, Microsoft has been consecutively enhancing Office encryption algorithm strength.

Document encryption

Like it was already mentioned, the only password that encrypts a password-protected document and prevents an intruder from getting access to user’s information kept in the document is password to open a document.

Excel and Word 95 and prior editions feature a rather weak protection algorithm that converts a password to a 16-bit key.^[6] Nowadays, most password crackers can find a 16-bit key and decrypt the password-protected document instantly.^[7]

Key length in Excel and Word 97 and 2000 was increased to 40 bits.^[6] This protection algorithm is currently considered to be weak and presents no difficulties to cracking software that features an option of Microsoft Excel and Microsoft Word protection breaking.

The default protection in Excel and Word XP and 2003 was not changed but an opportunity to use a custom protection algorithm was added.^[6] Choosing a non-standard Cryptographic Service Provider allows increasing a key length so that a key which was used to encrypt a document can’t be found. However, password-cracking programs can enter multiple random passwords with the same speed, so use of CSPs does not slow down password recovery at all. Weak passwords can still be recovered fast enough even if a custom CSP is on.

In Excel and Word 2007, protection was significantly enhanced since a modern protection algorithm named Advanced Encryption Standard started being used.^[6] No computer can currently break a protection which exploits a 128-bit key. With the help of SHA-1 hash function, a password is converted into a 128-bit key 50000 times before document opening, and because of that, password recovery speed was vastly reduced. Since Office 2007, Microsoft PowerPoint started to utilize the same protection as in Excel and Word.

Excel and Word 2010 still employ AES and a 128-bit key, but the number of SHA-1 conversions was doubled and now comprises 100000.^[6] Therefore, password recovery speed was reduced two times just as well.

Password recovery attacks

There are a number of attacks that can be employed to find a password or remove password protection from Excel and Word documents.

Password removal can be done with the help of precomputation tables or a guaranteed decryption attack.

Attacks that target the original password set in Microsoft Excel and Word include: dictionary attack, rule-based attack, brute-force attack, mask attack, statistics-based attack.

Efficiency of attacks can be considerably enhanced if one of the following means is applied: multiple CPUs (distributed attack), GPGPU^[8] (applicable only to Microsoft Office 2007-2010 documents), cloud computing. Cloud computing services are currently the most efficient.^[1]

References

1. "MS Word and MS Excel Password recovery statistics". Password-find.com. 2012-11-19. Retrieved 2012-12-26. 
2. "Password protect documents, workbooks, and presentations - Support - Office.com". Office.microsoft.com. Retrieved 2012-12-26. 
3. "Password protect documents, workbooks, and presentations - Support - Office.com". Office.microsoft.com. Retrieved 2012-12-26. 
4. "Password protect documents, workbooks, and presentations - Support - Office.com". Office.microsoft.com. Retrieved 2012-12-26. 
5. "Office security basics - Word - Office.com". Office.microsoft.com. Retrieved 2012-12-26. 
6. "Microsoft Office File Format Documents". Msdn.microsoft.com. Retrieved 2012-12-26. 
7. "Russian Password Crackers: Password Recovery (Cracking) FAQ". Password-crackers.com. Retrieved 2012-12-26. 
8. "GPU estimations". Golubev.com. 2012-06-22. Retrieved 2012-12-26.