Recover lost Microsoft Outlook .PST passwords

Microsoft Outlook 97 through Outlook 2003 support password-protected personal stores (.PST files). Like all passwords, .PST passwords can be forgotten or misplaced.

When that happens, there are usually only a few options:

  • Call a data recovery service
  • Restore the file from a recent backup (provided it, too, isn't protected)
  • Start guessing

The password protection on Microsoft Outlook .PST files is actually not very strong to begin with -- it's akin to the old-school password protection on Microsoft Word documents, which can also be cracked without too much difficulty. This is reason alone not to depend on .PST passwords to protect and secure your email data.

However, if you're in a situation where you need to recover a password-locked .PST file and don't have the budget for data recovery, there is a freeware third-party tool that can reverse-engineer the password(s) for a given .PST file and let you open it: Nir Sofer's

    Requires Free Membership to View

PstPassword utility.

The program is simple. Open it and it'll scan the locally logged on user's Microsoft Outlook profile directory -- Documents and Settings\<user_name> \Local Settings\ Application Data\Microsoft\Outlook -- for .PST files. Each file found will be listed in PstPassword's main window, along with up to three possible passwords to open it if it's password-protected.

More than one password may work on a given .PST file, according to Sofer, because of a problem with the way .PST password protection is implemented. The .PST password is not stored in the .PST file. Instead, a 32-bit CRC hash is created from the password, from which it's possible to reverse-engineer a number of different passwords that have the exact same 32-bit CRC hash.

Worse, there's a .PST password bug that makes it possible to create a password that produces a CRC hash of zero. Sofer provides a list of the .PST passwords that generate a zero CRC value in Outlook on his Web site.

Note: I cannot and do not endorse the use of this tool for anything other than legitimate use. If you use .PST files in your organization on local machines, make sure you have other security measures in place, such as an appropriate Group Policy, to prevent users from installing applications or copying files to another system.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Expert Advice: Disabling the use of .PST files in Outlook 2003
  • A primer on Exchange Server .PST files
  • The Microsoft Outlook Toolbox
  • Our SearchExchange.com experts' favorite freeware
  • Reference Center: .PST administration tips and resources

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

    This was first published in July 2006

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.