If you come across a document that happened to "fall off a lorry" and when trying to open it Microsoft Word prompts you for a password then you have a very limited set of options.
First off, stop looking for a short cut; there isn't any. You can't open the document in a debugger, change a byte, move it to Linux and save it PDF format and have it magically unlocked. Microsoft is way smarter than that. The whole document is heavily encrypted and just can't be opened without a password.
How does one get the password anyway?
One way is to look through the drawers of the person who actually owns the document in the hope that he left the password written on paper. Not gonna happen!
The second way is to try all possible passwords till you happen to hit the correct one.
The third way is... There is no third option.
The method of trying all possible combinations is naturally not something that anyone in his right mind would try doing manually. You are, hopefully, in your right mind which is why you are reading blogs instead of typing in passwords at demonic speeds.
I am going to keep this blog entry short and to the point.
Download a program that will run the permutations for you. The one from Passware is good or you can try Open Password Remover. Both work the same way. There is a third one that I will mention later.
These programs have three methods of hacking:
First, all words from a standard dictionary are tried. This is called a dictionary attack. If the password is something like "computer" or "sugar" then the program will find it.
The second is called the Xieve method whereby word combinations are tried. For example "mycomputer" or "treehotdog". This is much slower than above; a 12-character password can be cracked in a couple of days.
The third is called the brute force method. This tries everything, all combinations. It guarantees finding the password no matter what it is. On my computer the program is right now running and trying over half a million combinations per second.
Great, isn't it? No, it's not.
Don't try it.
A single character from "A" to "Z" has 26 possible combinations. Double it for lower case. Add 10 for digits. Add 10 more for special characters. There are more than 10 special characters but for the sake of argument I am taking a round number.
How many combinations there are depends on the length of the password. Here's a short table to see what this means:
| Possible Combinations | Length of password | Total Permutations |
|---|---|---|
| 26 | 3 | 15,600 |
| 52 | 3 | 132,600 |
| 62 | 3 | 226,920 |
| 26 | 5 | 7,893,600 |
| 52 | 5 | 311,875,200 |
| 62 | 5 | 776,520,240 |
| 26 | 10 | 19,275,223,968,000 |
| 52 | 10 | 57,407,703,889,536,000 |
| 62 | 10 | 390,164,706,723,053,000 |
That is one big number of combinations. My computer reports that it will finish trying the permutations in 560,471 years and 2 months! Hmmm... not in time for lunch then, what?
Sorry to rain on your parade. You aren't going to succeed.
Last option: It is practical. Try it if you are really, really adamant about breaking into the document: Spend some money. Not much, mind you, the service doesn't charge all that much. The best service that I found on the Net is Decryptum. They charge $30 or so per document. What they do is that they have a bunch of high speed servers running in parallel that run the permutations in much less time than 560 thousand years.
No comments:
Post a Comment