Run Olly Debug
drag Decompile.exe into ollydbg to load it
rightclick -> Search For -> All referenced text strings
First four referenced text strings are all interesting. First two are prompts which are passed to the display string function. The second two are the possible outputs based on if the comparison is correct. Double click "Right" and you will be in the area you need to be in. You will notice a jnz above this reference which is the check.
Code:
0040149A |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0040149D |. 3B45 C8 CMP EAX,DWORD PTR SS:[EBP-38]
004014A0 |. 75 16 JNZ SHORT decompil.004014B8
004014A2 |. C74424 04 2500>MOV DWORD PTR SS:[ESP+4],decompil.004400>; ASCII "Right"
Now look to see where "EBP-34" is written two as this hold the key value.
(NOTE: By stepping over this section of code we can see when text is displayed (aka: the print function) and when it doesn't return because it's getting input (aka: the input function))
Code:
004013DC |. E8 D3BA0300 CALL <decompil.Input>
004013E1 |. E8 9AEB0200 CALL decompil.0042FF80 ; mov eax, -1
004013E6 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
004013EA |. C74424 04 0100>MOV DWORD PTR SS:[ESP+4],1
004013F2 |. C70424 6034440>MOV DWORD PTR SS:[ESP],decompil.00443460
004013F9 |. E8 F2530200 CALL decompil.004267F0
004013FE |. 0FB645 E8 MOVZX EAX,BYTE PTR SS:[EBP-18]
00401402 |. FEC0 INC AL
00401404 |. 8845 D7 MOV BYTE PTR SS:[EBP-29],AL
00401407 |. 0FB645 E9 MOVZX EAX,BYTE PTR SS:[EBP-17]
0040140B |. 04 02 ADD AL,2
0040140D |. 8845 D6 MOV BYTE PTR SS:[EBP-2A],AL
00401410 |. 0FB645 EA MOVZX EAX,BYTE PTR SS:[EBP-16]
00401414 |. 04 03 ADD AL,3
00401416 |. 8845 D5 MOV BYTE PTR SS:[EBP-2B],AL
00401419 |. 0FBE55 D7 MOVSX EDX,BYTE PTR SS:[EBP-29]
0040141D |. 0FBE45 D6 MOVSX EAX,BYTE PTR SS:[EBP-2A]
00401421 |. 01C2 ADD EDX,EAX
00401423 |. 0FBE45 D5 MOVSX EAX,BYTE PTR SS:[EBP-2B]
00401427 |. 8D0402 LEA EAX,DWORD PTR DS:[EDX+EAX]
0040142A |. 8945 CC MOV DWORD PTR SS:[EBP-34],EAX
As we see "EBP-34" is written out of the first input ("enter a 3 letter word"

We can step through this and watch it increment/add all the characters together. (the "encryption"

. Now the other part that we are checking, "EBP-38" we see is from this code after "enter password"
Code:
0040144F |. E8 60BA0300 CALL <decompil.Input>
00401454 |. E8 27EB0200 CALL decompil.0042FF80
00401459 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
0040145D |. C74424 04 0100>MOV DWORD PTR SS:[ESP+4],1
00401465 |. C70424 6034440>MOV DWORD PTR SS:[ESP],decompil.00443460
0040146C |. E8 7F530200 CALL decompil.004267F0
00401471 |. 0FB645 D8 MOVZX EAX,BYTE PTR SS:[EBP-28]
00401475 |. 8845 D4 MOV BYTE PTR SS:[EBP-2C],AL
00401478 |. 0FB645 D9 MOVZX EAX,BYTE PTR SS:[EBP-27]
0040147C |. 8845 D3 MOV BYTE PTR SS:[EBP-2D],AL
0040147F |. 0FB645 DA MOVZX EAX,BYTE PTR SS:[EBP-26]
00401483 |. 8845 D2 MOV BYTE PTR SS:[EBP-2E],AL
00401486 |. 0FBE55 D4 MOVSX EDX,BYTE PTR SS:[EBP-2C]
0040148A |. 0FBE45 D3 MOVSX EAX,BYTE PTR SS:[EBP-2D]
0040148E |. 01C2 ADD EDX,EAX
00401490 |. 0FBE45 D2 MOVSX EAX,BYTE PTR SS:[EBP-2E]
00401494 |. 8D0402 LEA EAX,DWORD PTR DS:[EDX+EAX]
00401497 |. 8945 C8 MOV DWORD PTR SS:[EBP-38],EAX
it looks identical without the increments. Therefore the increments are what changes the "word" from the "password". It may be interesting to note that while the encryption works the way I said. there is a flaw in this method as you could take any of them and add 6 characters to any (one) of them and it will work. because "aaa" -> "bcd" == "aaa" -> "aag" for this encryption.