MsoPsw97 |
password recovery tool for |
(c) 1998 Vitas Ramanchauskas, vitas@webdon.com, v-t-s@usa.net |
|
HOME Vitas' site License Register now! TechNotes Setup Bug Report |
|
This page based on the information from my site. Visit it for full and up to date version.
If the password protection system you use had been designed properly (as in case with MS Office97) the only way of password recovery is searching all passwords (although this search may be quite intelligent - read further about this). For a password search it is important to know how many passwords are possible and what is the search speed. The quantity of password variants equals to N^M, where N is the quantity of characters in a charset (i.e., the quantity of characters that may be virtually present in a password) and M is the length of a password. By dividing this number by the speed of a search we obtain the T - the time for a complete search, that is, in the 'worst case' the time we have to wait to get a password. In the 'best case' the very first password will be the right one. The probability to find a password during the time of t equals to p=t/T, for example, a probability to find the password during the half of time indicated equals to 50%.
A password usually only contains letters. In this case the quantity of characters in a charset is 26 or 52, depending on usage of registers - both of them or just one. The following table will help you estimate what the aforementioned formulas actually mean.
psw length / charset |
26 (no case, letters only) |
36 (no case, letters&digits) |
52 (case sensitive) |
96 (all printable) |
4 |
instantly |
1 minute |
6 minutes |
71 minutes |
5 |
10 minutes |
50 minutes |
5 hours |
5 days |
6 |
4 hours |
30 hours |
12 days |
15 months |
7 |
5 days |
45 days |
20 months |
121 years |
8 |
4 months |
5 years |
86 years |
11,600 years |
9 |
9 years |
163 years |
4469 years |
over 1,000,000 years |
You may use power of multiple computers to speed up. But if your password was long enough this feature won't help you. Nevertheless, things don't look so bleak for you. The point is that passwords are made up by living people, and many people are alike. Therefore people use some words more frequently than others. There exist frequency dictionaries that list the most popular words. Good dictionaries contain hundreds thousand words. Almost for sure, any word you can come up with is contained in such dictionaries. Even if you take a professional term as a password, it can still be contained in a dictionary. Try to use a dictionary!
Another way is to use 'smart force attack' instead of brute force. This technology is under development. You can find more details about it on my site. It will be included into future releases of the program. All registered users will receive this update for free!