Microsoft® Office XP (2002) and later supports three different levels of Password protection (see Microsoft® Knowledge Base Article - Q290112: General Information about Microsoft® Office XP Encryption):

Office 97/2000 Compatible Encryption

The default encryption method for Microsoft® Office XP is the Office 97/2000 Compatible Encryption method. This is the Office-proprietary encryption that is supported by Microsoft® Office 97/2000 (Word® and Excel®). Office 97/2000 Compatible continues to be the default Password algorithm to ensure backward compatibility and international document portability.

Weak Encryption (XOR)

This method equates to the Office 95 and older XOR encryption algorithms that are supported by earlier versions of Word® and Excel® and that are still used in Office 2000 when the system locale is France. This is a fast, simple algorithm, but it does not offer the best security. For files encrypted using this method, all Passwords are being recovered instantly.

Cryptographic Provider

This is a new encryption method introduced in Microsoft® Office XP. Basically, cryptographic service provider (CSP) is an independent software module that actually performs cryptography algorithms for authentication, encoding, and encryption; for more information, please visit Cryptographic Service Providers at Microsoft® site.

There are a few different cryptographic service providers developed by Microsoft® (some of them are available with every Windows® installation, while the others are installed only with Microsoft® Internet Explorer upgrades, Service Packs or High Encryption Packs ). Office XP Documents can be encrypted using any CSP that supports RC4 (a stream cipher) and SHA-1 (Secure Hash Algorithm). We have successfully tested AOPR on documents encrypted using the following CSPs:

Microsoft® Base Cryptographic Provider

Microsoft® Base DSS and Diffie-Hellman Cryptographic Provider

Microsoft® DH SChannel Cryptographic Provider

Microsoft® Enhanced Cryptographic Provider

Microsoft® Enhanced DSS and Diffie-Hellman Cryptographic Provider

Microsoft® RSA SChannel Cryptographic Provider

Microsoft® Strong Cryptographic Provider

Microsoft® Enchanced RSA and AES Cryptographic Provider (Prototype)

For the Documents using that encryption method, AOPR can run the same attacks as for Office 97/2000, i.e. Brute-Force and Dictionary – even at better speed. If an unknown CSP has been encountered (other than one from the list provided above), AOPR should still recover the password, at least if that CSP follows the Microsoft® specification/standard; otherwise, please contact technical support.

Microsoft® PowerPoint® XP and later uses only "Cryptographic Provider" encryption method.

Get more information about Advanced Office Password Recovery
Get full version of Advanced Office Password Recovery

(c) 2004-2009 ElcomSoft Co.Ltd.