Microsoft Word documents can utilize three passwords:

  • Password to open
  • Password to modify
  • Protect document password

 

Password to Open

 

The Password to open requires a user to enter a password to view the document.

 

When the user sets a Password to open, the entire Microsoft Word document is encrypted with the RC4 stream cipher.

 

Password to Modify

 

The Password to modify requires a user to enter a password to make changes to the document.

 

When a user sets a Password to modify, the password is stored inside the Microsoft Word document. The password can be viewed or changed with a hex editor.

 

Protect Document Password

 

The Protect document password requires the user to enter a password to un-protect the document.

 

When a user sets a Protect document password, the 32-bit password hash is stored in the Microsoft Word document. The password hash can be viewed or changed with a hex editor.

Applying Passwords in Microsoft Word

 

To apply a Password to open or a Password to modify to a Microsoft Word document, click,,,.

Users can select which encryption algorithm they wish to use and what key length they wish to use with that algorithm.

Encryption algorithms that Microsoft Word supports are:

 

  • Weak Encryption (XOR)
  • Office 97/2000 Compatible
  • RC4, Microsoft Base Cryptographic Provider v1.0
  • RC4, Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
  • RC4, Microsoft DH SChannel Cryptographic Provider
  • RC4, Microsoft Enhanced Cryptographic Provider v1.0
  • RC4, Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
  • RC4, Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
  • RC4, Microsoft RSA SChannel Cryptographic Provider
  • RC4, Microsoft Strong Cryptographic Provider

 

The default is “Office 97/2000 Compatible.” However, even Microsoft states that this is not recommended!

 

To apply a Protect document password to a Microsoft Word document, click

Microsoft Word Password Recovery

 

It is possible simply to edit the Password to modify with a hex editor. It is also possible to edit the hash of the Protect document password.

 

The Password to open can be attacked with a dictionary attack or a brute force attack.

 

Several programs with widely varying capabilities are available to help users recover a lost Microsoft Word password:

 

 

Additional Reading on Microsoft Word Password Recovery

 

 

 

Purchase these excellent books on cryptology at Amazon.com.