Beginners Guides: Decrypting Document & Zipped File Passwords
Quick and simple way to unlock those Microsoft Word, Zip, or PDF files that you've forgotten the password to. - Version
Security is a cause for concern in all areas of
computer use. As we have shown in previous beginner's guide articles,
nothing is quite as easy a target as an unprotected, un-passworded, un-updated
computer floating on the tides of the Internet like a fat, juicy duck. You
should always keep your system updated and password protected, lest someone take
a bite out of your data.
Security does not begin and end with the operating
system however. Many businesses routinely keep all computer communications
encrypted and confidential, and even secure individual documents created with
their office software.
While many operating systems allow users with
administrative privileges to set permissions on documents, this method is not
always easy or straightforward, and thus not particularly desirable to the
average user. If you want to make sure that only you and your compatriots
can access certain documents, encrypting and password protecting said documents
is the obvious way to go. To this end, many popular software packages
provide a method of safeguarding files, generally based on a password.
This is fine, but what if you forget the
password? You might as well have deleted your work, right? Only this
time the 'previous saved document' function will not save you...
But not so fast. As we will endeavor to show
in this article, a lot of the methods of protection used by common software
packages far from invulnerable. With time, the right software and the
right instruction, you can crack the protection on your files and
reclaim your documents. You can also recover incorrectly deleted
documents, even if they have already passed beyond the recycle bin into that
digital bit of heaven somewhere between the plug and
Common methods of
password protection and recovery
The most common method of protecting
files is to use a numerical value generated from the password as a key, and
use that key to encrypt the document. Microsoft office (pre-Office XP) uses this
method on WORD documents, using 40-bit encryption which is fairly strong.
40-bit encryption is considered the minimum to
safely protect data, but with the increased speed of modern computers, it is now
feasible for an average home computer to break this level of encryption over the
course of a few days. This is done by a key-search in which every possible
40-bit numerical key (the value generated from the password and used to encrypt
or decrypt data) is tried until the correct one is found.
Any software that uses passwords is vulnerable to dictionary attack using
a program to try words against the password until the correct one is
method is the good old brute-force attack
in which all combinations of letters and/or characters and
numbers up to a certain length are fed into the program
until the correct password is found. They call this the '1000 monkeys with typewriters'
The only sure protection against dictionary and
brute force attacks is to either make very complex passwords, which will ensure
that brute-force attacks take far too long to be effective, or to have some sort
of mechanism to limit the amount of times that a user can attempt to enter a
While the latter method of protection is common in
operating system security, where password safety is considered extremely
important, it is unknown in regular software applications like Office. This
means that the dictionary and brute-force attack methods are the most common and
effective means of recovering passwords for just about any application.