Computing Reviews

A modified exhaustive search on a password system using SHA-1
Kim M., Jung Y., Song J. International Journal of Information Security 16(3): 263-269, 2017. Type: Article
Date Reviewed: 07/06/17

Nowadays information is more and more of an asset; as such, it is becoming ever more important as evidence in law enforcement cases. Being valuable, information is often encrypted; thus law enforcement bodies must have access to methods and tools to decrypt it.

This compact paper presents a method to retrieve passwords used to encrypt Microsoft Word 2007 and Word 2010 documents. First, it describes the method used by these two applications to encrypt a document. The method is the same for both versions of Word and is based on a two-step process. In step 1, a key is generated from a password chosen by the user; in step 2, the whole document goes through an authentication scheme based on that key. (The key generation function and authentication scheme differ in the two Word versions.)

Document decryption (or cracking, as hackers would say) is performed through a process involving a key and a ciphertext: when the two match, the document is decrypted and made readable. This process is difficult, though, as a single key/ciphertext comparison cycle could involve up to 100,000 iterations. The method presented in this paper reduces the number of iterations involved by precomputing and optimizing ciphertext representation. The results cited in the paper show a reduction of about 47 percent in password discovery time compared to brute force search. These are very interesting results. The only flaw I see is that they refer only to Word 2007 and Word 2010 documents. Maybe in future works, these results could be generalized to a broader class of documents and files.

Reviewer:  Andrea Paramithiotti Review #: CR145406 (1709-0619)
