Passwords in Microsoft Word 97/2000
Write protection password.
This password is stored inside the document. You can see it using any HEX-viewer.
Document protection password.
Password hash is stored in the document. Hash length is only 32 bits. We can change this password to any other one, or disable it (replace with a hash of an empty string).
Password to open
When this password is set, the entire Word document (including a part of auxiliary information) is encrypted with the RC4 algorithm (stream cipher). 128-bit long hash formed with the MD5 algorithm is used for password verification. Encryption key is 40-bit long, because state regulations of many countries don’t allow using stronger crypto.
Applications for password recovery:
Advanced Office 2000 Password Recovery
http://www.elcomsoft.com