Cracking a 25-Year-Old Password with Claude Code
The discovery
I was cleaning up old files in my cloud storage when I stumbled across a Microsoft Word document from May 1999. The filename suggested it was something personal I’d written while living in Philadelphia.
I tried to open it. Password protected.
I had absolutely no memory of what password I would have used more than 25 years ago. The document predated my current password manager by over a decade. Whatever clever password 1999-me had chosen was lost to time.
The failed attempts
I tried the obvious things first. macOS’s textutil command, which usually handles old Word documents gracefully:
Encrypted documents are not supported
I tried antiword, a utility specifically designed for old Word formats:
Encrypted documents are not supported
The document was encrypted with Word 97’s password protection. Without the password, these tools couldn’t help.
Enter Claude Code
I was already using Claude Code for the file cleanup project. On a whim, I asked if it could help crack the password.
What happened next felt less like using a coding assistant and more like working with a resourceful security researcher.
Phase 1: reconnaissance
Claude’s first move was to understand what we were dealing with. It used Python’s olefile library to examine the document’s internal structure and confirmed the encryption type:
Encrypted flag: True
lKey value: 52
RC4 encryption detected
Word 97 used RC4 encryption with a 40-bit key — considered secure in 1999, but trivial to break with modern hardware.
Phase 2: tool acquisition
Claude didn’t just tell me what tools I needed — it installed them:
pip3 install msoffcrypto-tool
brew install hashcat
It downloaded office2john.py directly from the John the Ripper repository to extract the password hash from the document:
$oldoffice$1*4665bde50614400693102c3105181248*c4f6dde87c0a292e5f88c8d369c481d3*6c12f45357b5a8ed0f3e43d9efc1d283
That string contains everything needed to crack the password: the salt, the encrypted verifier, and the verifier hash.
Phase 3: the crack
Claude started with dictionary attacks — common passwords, variations on words from the document’s metadata. Nothing.
Then it moved to brute force. My M4 Max MacBook Pro became a password-cracking machine:
Speed.#02........: 293.1 MH/s
Nearly 300 million password attempts per second.
Claude systematically worked through the keyspace:
- 1-character passwords: instant
- 2-character: instant
- 3-character: instant
- 4-character: under a second
- 5-character: 26 seconds
At 6 characters, hashcat found the match. The password was a random-looking string of mixed case, numbers, and symbols — the kind of “strong” password 1999-me would have been proud of.
Total time from “let’s try to crack this” to success: about 3 minutes of actual cracking time.
Phase 4: victory
With the password recovered, Claude used msoffcrypto to decrypt the document:
file.load_key(password="[REDACTED]")
file.decrypt(decrypted)
I was reading a document I’d written a quarter century ago. A small piece of personal history, recovered.
What made this work
Claude thought like a hacker. It didn’t just know about password cracking in the abstract — it knew the specific tools, the hash formats, the attack modes. When one approach failed, it tried another.
It acquired its own tools. Claude installed Python libraries, downloaded scripts from GitHub, and installed hashcat via Homebrew. It didn’t ask me to do these things; it just did them.
It understood the target. Word 97’s RC4 encryption is weak by design. Claude knew this and chose an appropriate attack strategy. A brute-force attack that would be futile against modern encryption was perfect for 1999-era security.
The whole thing was collaborative. I could see what Claude was doing at each step. When dictionary attacks failed, it explained why it was moving to brute force. When the crack succeeded, it showed me exactly what the password was and how to use it.
The bigger picture
This wasn’t about cracking passwords for nefarious purposes. It was about recovering access to my own data — something anyone with old encrypted files might need to do.
But it demonstrated something important about AI coding assistants: they’re not just for writing new code. They can be genuine problem-solving partners for technical challenges that would otherwise require specialized knowledge.
Back in 1999, I protected a document with what I thought was a strong password. Today, I recovered that password in minutes with an AI assistant that knew exactly how to approach the problem.
The document itself? Just a piece of personal correspondence from my Philadelphia days. But recovering it reminded me why I find working with these tools so compelling — they turn “I don’t know how to do this” into “ let’s figure it out together.”
Technical note: The password was cracked using hashcat mode 9700 (MS Office <= 2003) with a brute-force mask attack. Word 97’s encryption used 40-bit RC4, which was export-restricted “strong” encryption at the time but is trivially breakable today. If you’re wondering why I redacted the password but left the hash — well, you now have everything you need to find out.