Russian password recovery experts Elcomsoft have a neat little tool called Advanced Office Password Recovery. The software can be downloaded as a 30 day trial, or you can chose between three paid versions: Home, Standard and Professional. The prices vary from $49 for the home version to $199 for professional one. Matrix of differences in these versions can be found over here.
The software has extensive password recovery options for different Office applications, but I used my Home version just for mangling with Microsoft Word.
When you open the application, you can chose different types of attacks. In majority of cases dictionary attack will be just enough. A large base of Word users uses normal phrases for this kind of passwords. Open a Word file and the password recovery process will start:
The software is very fast and as you can see from the lower right bottom of the screenshot below, it tested approx. 17,000 passwords per second. In its peaks the number was up to seven times bigger.
Two minutes after starting the scan I got a positive response from the software and it showed that I was one of "those" people that use their dog's name as a password. Shame on me - the only thing I can say to my defense is that this Word file did not hold any important information.
While playing with the software I tested it against some different types of passwords such as random gibberish and birth dates. Of course, the dictionary was not enough for recovering these passwords, but the brute force attack came to the rescue and delivered results.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.