Microsoft Office Excel utilizes the encryption algorithm knows as RC4. This encryption method is also found in older Microsoft Office suits like Office 97, 2000 and even 2003. It is also knows as ARC4 or ARCFOUR and is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).
While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, or nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP. Our company has developed it's own technology for recovering Microsoft Office Excel 97, 2000 or 2003 passwords with 40 bit keys, that allows us to recover the encrypted file almost instantly (in a few seconds), regardless of the password length and complexity. It is available as a service named Remove password excel online.
Microsoft Excel protection offers several types of passwords: password to open a document (we can remove this type of excel password) password to modify a document (we can remove this type of excel password) password to unprotect worksheet (we can remove this type of excel password) password to protect workbook (we can remove this type of excel password) password to protect the sharing workbook (we can remove this type of excel password)
All passwords except password to open a document can be removed instantly regardless of Microsoft Excel version used to create the document. These types of passwords are used primarily for shared work on a document. Such password-protected documents are not encrypted, and a data sources from a set password is saved in a document's header. Password to protect workbook is an exception - when it is set, a document is encrypted with the standard password, but since it is known to public, it actually does not add any extra protection to the document. The only type of password that can prevent a trespasser from gaining access to a document is password to open a document. The cryptographic strength of this kind of protection depends strongly on the Microsoft Excel version that was used to create the document.
In Microsoft Excel 95 and earlier versions, password to open is converted to a 16-bit key that can be instantly cracked. In Excel 97/2000 the password is converted to a 40-bit key, which can also be cracked very quickly using modern equipment. The success rate of this operation is 100%. As regards services which use rainbow tables , it takes up to several seconds to remove protection. In addition, password-cracking programs can brute-force attack passwords at a rate of hundreds of thousands of passwords a second, which not only lets them decrypt a document, but also find the original password.
In Excel 2003/XP the state of affairs is slightly better - a user can choose any encryption algorithm that is available in the system (see Cryptographic Service Provider). Due to the CSP, an Excel file can't be decrypted, and thus the password to open can't be removed, though the brute-force attack speed remains quite high. Nevertheless, the older Excel 97/2000 algorithm is set by the default. Therefore, users who did not changed the default settings lack reliable protection of their documents.
The situation changed fundamentally in Excel 2007, where the modern AES algorithm with a key of 128 bits started being used for decryption, and a 50,000-fold use of the hash function SHA1 reduced the speed of brute-force attacks down to hundreds of passwords per second. In Excel 2010, the strength of the protection by the default was increased two times thanks to the use of a 100,000-fold SHA1 to convert a password to a key.
Conclusion: Currently, reliable protection is provided only by documents saved in the Office 2007/2010 format with a strong password to open set to them.