Earlier versions of Microsoft Word, 97, 2000, and 2003 use a DES 40bit form of encryption which meant that a brute-force attack (which is to try all the possible combinations of passwords) meant that cracking the password was guaranteed.
However Word 2007 uses AES 128bit encryption, which makes the brute-force attack very very slow. For example in tests on a Word 2003 passworded document I got upto 2,500,000 passwords per minute using 10 computers at once. With the same hardware configuration I only got a mere 260 passwords per minute for a Word 2007 document.
Well Done, Microsoft Office 2007 team, Bill Gates you should be proud!
After 5 days and 112 million tries I gave-up!
The length and complexity of your password can determine how secure it is:
Password is 6 characters long
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
946 = 689,869,781,056 unique password permutations
Need 133,076 password attempts/sec to attempt all combinations
(946/60 days (5184000 seconds) = 133,076)
Password is 7 characters long,
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
947 = 64,847,759,419,264 unique password permutations
Need 12,509,212 password attempts/sec to attempt all combinations
(947/60 days (5184000 seconds) = 12,509,212)
To summarise:
Make your password a long as possible
Use lower and uppercase, numbers and special symbols where appropriate.
Think of a short phrase and use that as your password.
