After losing a bet to crack a Microsoft Word 2007 password I decided to launch a new website called HowStrongIsYourPassword.com.

Earlier versions of Microsoft Word, 97, 2000, and 2003 use a DES 40bit form of encryption which meant that a brute-force attack (which is to try all the possible combinations of passwords) meant that cracking the password was guaranteed.

However Word 2007 uses AES 128bit encryption, which makes the brute-force attack very very slow. For example in tests on a Word 2003 passworded document I got upto 2,500,000 passwords per minute using 10 computers at once. With the same hardware configuration I only got a mere 260 passwords per minute for a Word 2007 document.

Well Done, Microsoft Office 2007 team, Bill Gates you should be proud!

After 5 days and 112 million tries I gave-up!

The length and complexity of your password can determine how secure it is:

Password is 6 characters long
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
946 = 689,869,781,056 unique password permutations
Need 133,076 password attempts/sec to attempt all combinations
(946/60 days (5184000 seconds) = 133,076)

Password is 7 characters long,
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
947 = 64,847,759,419,264 unique password permutations
Need 12,509,212 password attempts/sec to attempt all combinations
(947/60 days (5184000 seconds) = 12,509,212)

To summarise:

• Make your password a long as possible
• Use lower and uppercase, numbers and special symbols where appropriate.
• Think of a short phrase and use that as your password.
• Try your passwords at HowStrongIsYourPassword.com