Russian software firm Intelore has developed a password recovery program for OpenOffice.org that can recover encrypted documents even when the password used for the original encryption has been lost. In addition to recovering passwords, the program can be used to remove various types of document protection, such as document ReadOnly protection, revision marking protection, protection of sections in OpenOffice Writer, protection of cells in OpenOffice Writer tables, automatic protection of indexes and tables, and OpenOffice Calc document protection. A noncommercial license costs $79, while the full version will set you back $129. A free but limited evaluation version is available to try the program out.

The program works by a combination of brute-force password guessing and dictionary attacks. If the user can remember any details about the password, such as the fact that it contains a natural word, or starts with a capital letter, they can select these options before starting the cracking process to reduce the amount of time it takes to find the password. The exact amount of time depends on the length and complexity of the password and the speed of the computer doing the cracking, but Intelore assures that it only takes a "reasonable amount of time" to do so. Typical cracking times are between one and ten hours, but can be much less if hints are provided by the user. The program runs on Windows 95/98/ME, Windows NT 4, Windows 2000, Windows XP, and Windows Vista.

These sorts of password cracking programs are hardly new—in fact, they have been around nearly as long as password protection itself. Utilities for removing password-protection from popular programs such as Adobe Acrobat Reader have been popular with businesses who wish to recover their own files where the original password has been forgotten, or even do a little unauthorized cutting and pasting from someone else's documents.

The fact that a commercial password cracking utility has been released for OpenOffice.org, however, is an indication that the open-source software suite is making significant gains in popularity, particularly in the business sector. Intelore already provides similar utilities for programs such as Microsoft Office, Outlook, Simply Accounting, and the WinRAR archiver.

Not all password recovery programs require the use of a brute-force method: lost passwords for some accounting packages and Outlook Express are recovered "instantly" by Intelore's recovery software, as is the case with some PDF recovery tools. Some software either does not use strong encryption, or stores passwords in an easily-recoverable format in the file itself. In the case of OpenOffice.org, nothing about the program itself has been compromised, as the brute-force solution remains the only method available to recover encrypted documents. Still, even strong encryption can be broken given enough computing power and time, and users who wish to keep their documents protected should look into third-party solutions such as PGP that can use much longer encryption keys, rather than relying on built-in solutions.