Preamble:In reformatting and upgrading this site I debated whether to keep the Excel Password Recovery section or not.I don''t want to provide a hacker''s how-to list but do think it important that users and developers know how to protect their work and understand the limitations of Excel''s password protection. In this vein I''ve re-written the Excel Password Recovery pages focussing on Excel Security and ''how to protect Excel spreadsheets'' as opposed to ''how to crack Excel spreadsheets''.I do identify Excel''s weaknesses and how to protect against them, and do link to commercial locksmith services. Excel Protection - Main Points:
Excel uses 4 types of passwords.
Worksheet and Workbook Structure PasswordsThe encryption on Worksheet and Workbook structure passwords is extremely weak. Passwords can be cracked in minutes with free software. Even Microsoft acknowledges that worksheet and workbook protection is a ''display'' feature and not a ''security'' feature.Passwords will only stop the casual user and cannot be relied upon as a security feature in distributed applications.Worksheet Access and VBA PasswordsRecovering and removing a password from a protected and closed file is more time-consuming with a lower probability of success.Most recovery software uses a brute-force approach trying every possible combination of letters, numbers and symbols. A more refined approach is the dictionary-attack that only looks for "real" words and ignores nonsense combinations."For example, the fastest program gives about 170,000 password/second on Pentium III/800. To find an 8-character password consisting of lowercase Latin letters and digits you''ll need about 200 days."Brute force and dictionary attacks are appropriate if you are confident that the passwords are under 8 characters, use all letters (no numbers or symbols) and are based on ''real'' words. (Un)fortunately most passwords are not sophisticated, are too short and do not incorporate numbers or symbols.A relatively quicker approach is "key encryption recovery". Because there are fewer encryption keys than letters and symbols (a many to one relationship), fewer combinations have to be searched, and the recovery time can be reduced to under 30 days.Encrypted passwords should be harder to crack but US crypto export regulations limit the key length to 40 bits.You may either purchase the software yourself or use a professional recovery service which will apply multiple dedicated computers to the task reducing turnaround time to 2-14 days.', '