Microsoft Office password protection is a security feature that allows Microsoft Office documents (e.g. Word, Excel, PowerPoint) to be protected with a user-provided password.
There are two types of passwords that can be set on a document:[1]
In Excel and Word 95 and earlier editions, a weak protection algorithm is used that converts the password into a 16-bit verifier and a 16-byte XOR obfuscation array key.[1][4] Software that recovers the 16-byte key and decrypts the password-protected document is now readily available.[5]
Office 97, 2000, XP and 2003 use 40-bit RC4.[4] The implementation contains multiple vulnerabilities that render it insecure.[5]
Office XP and 2003 added the option to use a custom protection algorithm.[4] Choosing a non-standard Cryptographic Service Provider (CSP) allows the key length to be increased. Weak passwords can still be recovered quickly even when a custom CSP is used.
In Office 2007, protection was significantly strengthened by the adoption of a modern algorithm, the Advanced Encryption Standard (AES).[4] At present[when?], there is no software that can break this encryption. The password is stretched into a 128-bit key by 50,000 iterations of the SHA-1 hash function before the document can be opened; this greatly increases the time required to crack it, in the manner of PBKDF2, scrypt and other key derivation functions.[citation needed]
Office 2010 still uses AES with a 128-bit key, but the number of SHA-1 iterations doubled to 100,000.[4]
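As an added illustration that is not part of the article, the following Python reproduces the structure of the iterated SHA-1 key stretching used by Office 2007 and 2010 "standard encryption": SHA-1 over the salt and the UTF-16LE password, a counter-prefixed SHA-1 chain of 50,000 or 100,000 rounds, and expansion of the result into a 128-bit AES key. The exact byte layout follows my reading of the ECMA-376 / MS-OFFCRYPTO description and should be treated as an assumption, and the salt and passwords are constructed.

```python
import hashlib
import struct
import time


def stretch_password(password: str, salt: bytes, spin_count: int) -> bytes:
    """Iterated SHA-1 stretching: H0 = SHA1(salt || password_utf16le),
    Hn = SHA1(LE32(n-1) || H(n-1)) for spin_count rounds, then one final
    round over a zero block. Office 2007 uses 50,000 rounds, Office 2010
    100,000 (byte layout is an assumption based on ECMA-376)."""
    h = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    for i in range(spin_count):
        h = hashlib.sha1(struct.pack("<I", i) + h).digest()
    return hashlib.sha1(h + struct.pack("<I", 0)).digest()


def derive_key(h_final: bytes, key_bytes: int = 16) -> bytes:
    """Expand the stretched hash into the AES key: XOR it into a 64-byte
    0x36 pad (X1) and, when more bytes are needed, a 0x5C pad (X2), and
    take the leading key_bytes of SHA1(X1) || SHA1(X2)."""
    padded = h_final.ljust(64, b"\x00")
    x1 = hashlib.sha1(bytes(b ^ 0x36 for b in padded)).digest()
    x2 = hashlib.sha1(bytes(b ^ 0x5C for b in padded)).digest()
    return (x1 + x2)[:key_bytes]


def seconds_per_guess(spin_count: int, samples: int = 5) -> float:
    """Rough single-threaded cost of deriving one key at a given spin
    count; the ratio between spin counts is what matters, not the value."""
    salt = bytes(range(16))  # constructed 16-byte salt
    start = time.perf_counter()
    for i in range(samples):
        derive_key(stretch_password(f"constructed-guess-{i}", salt, spin_count))
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    salt = bytes(range(16))  # constructed salt
    for spins in (50_000, 100_000):
        key = derive_key(stretch_password("correct horse", salt, spins))
        print(f"{spins:>7} rounds: key={key.hex()} "
              f"cost={seconds_per_guess(spins) * 1000:.1f} ms/guess")
```

Doubling the spin count roughly doubles the cost of every password guess for an attacker while adding only a fraction of a second when a legitimate user opens the document.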
Office 2013 uses 128-bit AES, again with SHA-1 as the default hash algorithm.[6] It also introduces SHA-512 into the encryption scheme, which slows brute-force and rainbow-table attacks.[citation needed]
Office 2016 uses, by default, 256-bit AES, the SHA-2 hash algorithm, 16 bytes of salt and CBC (cipher block chaining).[7]
Attacks that target the password include dictionary attacks, rule-based attacks, brute-force attacks, mask attacks and statistics-based attacks. Such attacks can be sped up with multiple CPUs, including cloud instances, and with GPGPU computing (applicable only to Office 2007-10 documents).[citation needed]
The protection for worksheets and macros is necessarily weaker than that for the entire workbook, as the software itself must be able to display or use them.[citation needed]
For XLSX files that can be opened but not edited, there is another attack. Because the file format is a group of XML files within a ZIP archive, unzipping the file and replacing workbook.xml (and/or the individual worksheet XML files) with otherwise identical copies in which the unknown key and salt are replaced with a known pair, or removed altogether, allows the sheets to be edited.[citation needed]