Recover lost Microsoft Outlook .PST passwords

If you've forgotten or misplaced the password to a Microsoft Outlook personal store (.PST), you can use the freeware utility PstPassword to reverse engineer the .PST file and open it.

Microsoft Outlook 97 through Outlook 2003 support password-protected personal stores (.PST files). Like all passwords, .PST passwords can be forgotten or misplaced.

When that happens, there are usually only a few options:

  • Call a data recovery service
  • Restore the file from a recent backup (provided it, too, isn't protected)
  • Start guessing

The password protection on Microsoft Outlook .PST files is actually not very strong to begin with -- it's akin to the old-school password protection on Microsoft Word documents, which can also be cracked without too much difficulty. This is reason alone not to depend on .PST passwords to protect and secure your email data.

However, if you're in a situation where you need to recover a password-locked .PST file and don't have the budget for data recovery, there is a freeware third-party tool that can reverse-engineer the password(s) for a given .PST file and let you open it: Nir Sofer's PstPassword utility.

The program is simple. Open it and it'll scan the locally logged on user's Microsoft Outlook profile directory -- Documents and Settings\<user_name> \Local Settings\ Application Data\Microsoft\Outlook -- for .PST files. Each file found will be listed in PstPassword's main window, along with up to three possible passwords to open it if it's password-protected.

More than one password may work on a given .PST file, according to Sofer, because of a problem with the way .PST password protection is implemented. The .PST password is not stored in the .PST file. Instead, a 32-bit CRC hash is created from the password, from which it's possible to reverse-engineer a number of different passwords that have the exact same 32-bit CRC hash.

Worse, there's a .PST password bug that makes it possible to create a password that produces a CRC hash of zero. Sofer provides a list of the .PST passwords that generate a zero CRC value in Outlook on his Web site.

Note: I cannot and do not endorse the use of this tool for anything other than legitimate use. If you use .PST files in your organization on local machines, make sure you have other security measures in place, such as an appropriate Group Policy, to prevent users from installing applications or copying files to another system.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Expert Advice: Disabling the use of .PST files in Outlook 2003
  • A primer on Exchange Server .PST files
  • The Microsoft Outlook Toolbox
  • Our SearchExchange.com experts' favorite freeware
  • Reference Center: .PST administration tips and resources

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

  • This was first published in July 2006

    Dig deeper on .PST Files

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    1 comment

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close