How can I decrypt a Microsoft Word document for which I have the key?

[meitarm]

As per a suggestion from another group,
(http://groups.google.com/group/micr...q=microsoft word encryption key crack&rnum=2&)
I've posted my question here in hopes of a helpful response. Thanks in
advance.

Hi all,
I'm rather a novice when it comes to security concerns in the Microsoft

realm, so please bear with me. Here's my situation:

A friend has an old Microsoft Word (97+, I am guessing) document for
which she has set an "open document password." That is, the file is
password-protected and encrypted. She has forgotten the password for
the file and now needs to open it, but can't without cracking the
security protection she has already placed on it. I have never before
even attempted anything like this, but figuring it a good opportunity
to learn something I took it upon myself to see if I could help.

My research uncovered a plethora of Windows-based tools (applications)
which promise to recover the password if I buy the full version of the
program, but since this task is largely for my own edification it would

be utterly pointless just to pay for a program. Nevertheless, I tried
to the demo versions of plenty of these programs. One proved fruitful:
it has managed to recover the encryption key used on the document.

So now I have learned several things about the Word document. Firstly,
the password is more than five characters long. Secondly, that it is
likely a "modern" version of Microsoft Word. Thirdly, and I am assuming

most helpful, I know the precise encryption key.

Knowing these things, especialy the encryption key, how can I now
decrypt the document and read its contents?

Thanks in advance for pointing me in the right direction.
Regards,
-Meitar

 

[Robert M. Franz (RMF)]

Hi meitarm

A friend has an old Microsoft Word (97+, I am guessing) document for
which she has set an "open document password." That is, the file is
password-protected and encrypted. She has forgotten the password for
the file and now needs to open it, but can't without cracking the
security protection she has already placed on it. I have never before
even attempted anything like this, but figuring it a good opportunity
to learn something I took it upon myself to see if I could help.

My research uncovered a plethora of Windows-based tools (applications)
which promise to recover the password if I buy the full version of the
program, but since this task is largely for my own edification it would

be utterly pointless just to pay for a program.

We all think it's pointless to pay when we don't want to ... ;-)

Nevertheless, I tried
to the demo versions of plenty of these programs. One proved fruitful:
it has managed to recover the encryption key used on the document.

So now I have learned several things about the Word document. Firstly,
the password is more than five characters long. Secondly, that it is
likely a "modern" version of Microsoft Word. Thirdly, and I am assuming

most helpful, I know the precise encryption key.

Knowing these things, especialy the encryption key, how can I now
decrypt the document and read its contents?

Have you tried opening the file in Word?

2cents
Robert

 

[meitarm]

Hi meitarm


We all think it's pointless to pay when we don't want to ... ;-)

True enough, but you must concede that I will be less likely to learn
about the workings of security on Office documents if I pay for a
program to crack it for me rather than actually do my research on how
it works. I would be more than happy to spend money on a curriculum in
comptuer security; I am less enthused about the idea of paying for
something which will not teach me something other than how to use the
interface of the one program I choose to purchase.

Have you tried opening the file in Word?

2cents
Robert

Yes, I have tried openning the file in Word. When I do so, a dialogue
box pops up and asks for the password to open the document. Remember, I
do not know the password. What I do know is the 40-bit encryption key
with which to decrypt the document. Unfortuantely, I do not know how to
apply my knowledge of the encryption key to a process that will result
in a decrypted document.

In other words, how do I take encrypted document A and encryption key X
and produce unecrypted document P?

Thanks,
-Meitar

 

[Tony Jollans]

Modern Word security is fairly effective. I don't know exactly how it works
but, as far as I understand, it can not be broken and all that the myriad
products available for download and/or purchase do is a full frontal assault
with a sledgehammer - they keep trying passwords until they find one that
works (which might take days or weeks depending on the complexity of the
original password). I have no idea what you have found that you think is an
encryption key but what you would need would be a *de*cryption key
(essentially a password); without that I don't think you have made any
progress.

General 'netiquette' on all forums in which I participate is that breaking
security is not an acceptable subject for disussion. Any information posted
is public and open to misuse whether or not your own situation is genuine.
There may be dedicated security forums somewhere on the net where you could
learn about general encryption/decryption techniques, I don't know, but you
are unlikely to get any real help here even if, which I doubt, any is
actually available. A password is what you need - without one you cannot
read the document which, I'm sure, is welcome news to most users.

 

[Robert M. Franz (RMF)]

True enough, but you must concede that I will be less likely to learn
about the workings of security on Office documents if I pay for a
program to crack it for me rather than actually do my research on how
it works. I would be more than happy to spend money on a curriculum in
comptuer security; I am less enthused about the idea of paying for
something which will not teach me something other than how to use the
interface of the one program I choose to purchase.

OK, fair enough. I probably didn't see enough of the "I want to learn"
in your OP (sounded more like "I want to open this file" here).

Yes, I have tried openning the file in Word. When I do so, a dialogue
box pops up and asks for the password to open the document. Remember, I
do not know the password. What I do know is the 40-bit encryption key
with which to decrypt the document. Unfortuantely, I do not know how to
apply my knowledge of the encryption key to a process that will result
in a decrypted document.

In other words, how do I take encrypted document A and encryption key X
and produce unecrypted document P?

OK: I was of the impression that the "encryption key" was actually the
password (which is the case with many symmetrical encription methodes,
basically bit-level XOR). I have no indication that this is not the case
in Word, but only Microsoft would know.

OTOH, might as well be that the tools you were using don't work as they
should. See Tony's post, too.

Greetings
Robert

 

[meitarm]

Modern Word security is fairly effective. I don't know exactly how it works
but, as far as I understand, it can not be broken and all that the myriad
products available for download and/or purchase do is a full frontal assault
with a sledgehammer - they keep trying passwords until they find one that
works (which might take days or weeks depending on the complexity of the
original password). I have no idea what you have found that you think is an
encryption key but what you would need would be a *de*cryption key
(essentially a password); without that I don't think you have made any
progress.

Perhaps, then, I'm a little confused. Say I write a memo in Microsoft
Word, then protect it with a password to open. The document is now
"protected" in that it needs a password to open the file but isn't that
just a convenient mechanism for decryption? That is, to really protect
the document, the file itself must be inaccessible (encrypted?) and the
password to open it is merely a user interface technique to give one
user access to the encrypted information.

I was under the impression that there are two "levels" of security in
Microsoft Word documents: 1) the password can brute-forced and that
will open the document via the so-called natural attempt of opening the
document and 2) the document, the file itself, is encrypted so that
another user could manipulate the document through any other (perhaps
non-GUI) means. When I talk of having the encryption key, what I mean
is that through a brute-force (keyspace-attack) search on the document
itself I was able to discern the 40-bit value used as the encryption
key. Whether or not that's helpful at all is another story.

General 'netiquette' on all forums in which I participate is that breaking
security is not an acceptable subject for disussion. Any information posted
is public and open to misuse whether or not your own situation is genuine.
There may be dedicated security forums somewhere on the net where you could
learn about general encryption/decryption techniques, I don't know, but you
are unlikely to get any real help here even if, which I doubt, any is
actually available. A password is what you need - without one you cannot
read the document which, I'm sure, is welcome news to most users.

I understand--a sensitive subject and a public forum don't often mix
well. Sounds to me like the classic case of those who know don't talk
and, you know the rest. That's okay though. I do appreciate your
reply and will continue to educate myself elsewhere. Also thanks for
the gentle nudge on security-related netiquette.

-Meitar

 

[Tony Jollans]

Hi Meitar,

This may depend a bit on the version of Word you are using, but I believe
that the act of giving a Word document a password causes it to be encrypted
when saved. You have the option to choose the strength of encryption but
there isn't a separate encryption process in any way independent of the
document having a password. It seems almost unthinkable to me that any kind
of encrypted document would contain within it full information to enable its
decryption and, as the password is the only user input into the process, I
assume it plays a part in the process. Chances are that the password alone
is not sufficient for decryption and my guess is that what you have found
is something which needs to be used in conjunction with the password to
decrypt the document.

That really is the extent of my 'knowledge' (I'm no threat to anyone!) I
have no more than a passing interest in cryptography, and I'm not hiding
anything from you

Good luck!