A system, method and computer program product for recovering a key used to produce a ciphertext document from a plaintext document, including, in the ciphertext document encrypted using an N-bit key, identifying location of an M-bit control value; converting the control value to an M-bit portion of a gamma that corresponds to (a) the ciphertext document and (b) the N-bit key; accessing a file that corresponds to the M-bit portion of the gamma, wherein the file includes approximately 2.sup.N-M keys that correspond to the M-bit portion of the gamma out of the 2.sup.N keys; testing the 2.sup.N-M keys using a cryptographic key validity function, until a valid key is found; and decrypting the ciphertext document using the valid key to produce the plaintext document. The keys in the file can be tested sequentially. The file can be requested from a server prior to accessing it, or can be local. The name of the file can include the M-bit portion of the gamma. The ciphertext document can be encrypted, for example, using a symmetric stream cipher. In one example, N=40 and M=16. More generally, usually M