Outlook PST/OST Encryption — History and Recovery
TL;DR: Outlook PST files have used three distinct encryption modes over their history: 'Compressible Encryption' (a trivial XOR-based obfuscation, recoverable instantly), 'Strong Encryption' (RC4-based, fast to recover), and the modern Outlook 2007+ scheme (more substantive, but typically still password-search-bound rather than cipher-bound).
Compressible Encryption — trivial obfuscation
The Outlook 97-2003 default for PST files was 'Compressible Encryption', in reality a single-byte XOR obfuscation against a fixed pattern. The 'compressible' name comes from the fact that XOR-encrypted data preserves run-length patterns from the plaintext, allowing standard ZIP compression to still work effectively.
From a security perspective, this is trivially reversible. Any tool that knows the XOR pattern decrypts the entire PST in microseconds. Microsoft documents this in the [MS-PST] specification; it's not marketed as security.
PST files from the late 1990s and early 2000s commonly use this scheme. They appear in archive systems and are recoverable instantly without any password search.
Strong Encryption — RC4 with weak KDF
Microsoft's 'Strong Encryption' for PST used RC4 with a key derived from the password through a relatively weak hashing process. The cipher itself was RC4, and the key length was small enough that direct cipher-key attacks were feasible.
Recovery for Strong Encryption PST files is typically fast — the password verification is fast on GPUs, and the password keyspace was effectively bounded by Outlook's character restrictions. Specialised PST recovery tools (Kernel for Outlook, Stellar, Recoverit) handle this efficiently.
PST files from Outlook 2003 with explicit password protection commonly used Strong Encryption.
Outlook 2007+ encryption
Outlook 2007 onwards moved to a stronger encryption scheme that aligns with the broader Office 2007 cryptographic refresh. The KDF uses iterated SHA-1, the cipher is AES-128, and the keyspace properties match modern Office password protection.
From a recovery standpoint, modern Outlook PST password protection is similar to hashcat modes 9500/9600: feasibility depends on password complexity rather than cipher weakness. Strong random passwords typically aren't recoverable; common patterns are.
OST files — different category
OST files (offline storage) are server-side replicas of mailbox content cached locally for offline access. OST files are not user-password-protected in the same way as PST files — their access is controlled by the user's Windows account credentials and the Exchange/Outlook profile.
Recovering data from an orphaned OST file (where the original mailbox is unavailable) is a different operation: it's structural extraction, not password recovery. Tools like ostextract, Kernel for OST, or Microsoft's scanost.exe convert OST to PST for portable access.
Which generation does your file have?
The PST format internally records the encryption type. Tools like libpst, libratom, or readpst print the encryption mode without needing the password. Outlook 97-2003 created Compressible Encryption by default; Outlook 2003 SP3+ allowed Strong Encryption; Outlook 2007+ used the modern scheme.
Most PST files in the wild are still old enough to use Compressible Encryption — particularly archive PSTs from corporate email retention systems that preserved original encryption indefinitely.
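How the encryption type can be read from the header without a password, as an added example (not code from this page or from any of the tools named above). The field offsets and values are taken from the public [MS-PST] specification rather than from this page; any value outside the ones mapped here is reported as unrecognised, and the sample headers are constructed.

```python
import struct

# Offsets and values follow the public [MS-PST] header layout
# (assumption: they are not stated on this page).
MAGIC = b"!BDN"                                    # dwMagic at offset 0
CRYPT_OFFSET = {"ANSI": 0x1CD, "Unicode": 0x201}   # bCryptMethod position
CRYPT_NAMES = {
    0x00: "none",
    0x01: "Compressible Encryption (NDB_CRYPT_PERMUTE)",
    0x02: "High/Strong Encryption (NDB_CRYPT_CYCLIC)",
}

def pst_encryption_type(header: bytes) -> tuple:
    """Return (file format, encryption label) from the first bytes of a PST."""
    if len(header) < 0x202 or header[:4] != MAGIC:
        raise ValueError("not a PST/OST header")
    (w_ver,) = struct.unpack_from("<H", header, 10)  # wVer: file format version
    if w_ver in (14, 15):
        fmt = "ANSI"        # Outlook 97-2002 era files
    elif w_ver == 23:
        fmt = "Unicode"     # Outlook 2003 and later
    else:
        raise ValueError(f"unhandled wVer {w_ver}")
    method = header[CRYPT_OFFSET[fmt]]
    return fmt, CRYPT_NAMES.get(method, f"unrecognised value 0x{method:02x}")

def make_sample_header(w_ver: int, method: int) -> bytes:
    """Constructed input: zero-filled header with only the fields read above."""
    buf = bytearray(0x234)
    buf[0:4] = MAGIC
    struct.pack_into("<H", buf, 10, w_ver)
    fmt = "ANSI" if w_ver in (14, 15) else "Unicode"
    buf[CRYPT_OFFSET[fmt]] = method
    return bytes(buf)

if __name__ == "__main__":
    # To inspect a real file, pass open(path, "rb").read(0x234) instead.
    for ver, method in [(14, 0x01), (23, 0x02), (23, 0x00)]:
        print(pst_encryption_type(make_sample_header(ver, method)))
```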
Practical recovery flow
First step: identify the encryption type. Compressible → recover instantly without password search. Strong → run fast cipher-key attacks. Modern Outlook 2007+ → password search like Office files.
Many customers approach PST recovery thinking they need expensive cryptographic services when their file is actually Compressible Encryption. Honest support starts with format identification.