PDF Security

Networking/Security Forums -> Cryptographic Software and Hardware

Author: ptolemytoo PostPosted: Sat Apr 11, 2009 9:29 pm    Post subject: PDF Security
Hello all

I have just joined.

Could someone give me some clue as to just how secure a PDF document with a user password is. It would be created with Adobe Acrobat 6.0 Pro using 128-bit RC4. I have not been able to get a definitive answer after extensive Googling.

I know there are software packages that can bypass the Master Password--the one used to restrict printing and modifying of the document etc. I am not concerned with that, I want to know if sending a PDF document, that needs a password to open, via email is reasonably safe. This site, claims that they will crack a user password document for $500: http://www.pwcrack.com/acrobat.shtml. I suspect they are talking about the 40-bit key only but I'm not sure.

Assuming the NSA is not interested in cracking this file, how easy would it be for a motivated amateur, with free software to do so?



Author: ptolemytoo PostPosted: Thu Apr 16, 2009 12:44 am    Post subject: PDF Security - Nobody?
Does nobody have even an opinion?

Am I doing something wrong?


Author: Fire AntLocation: London PostPosted: Thu Apr 16, 2009 10:12 am    Post subject:

I think the NSA just need to put one Dell PC on the case and voila. Have a look at this Wiki article which gives a good run down on the cipher.


RC4 (104-bit) was used in WEP which we all know can be cracked by my nan using a calculator. Is RC4 considered a weak algorithm, I would say yes but the whole WEP cracking thing is different to PDF security. RC4s weakness is its ability to leak key material into the ciphertext and over time the key can be determined.

Is it strong enough for PDF security, difficult to say but I would gestimate yes. What makes the any symmetric encryption scheme weak is that a passphrase is normally used to protect the key material or becomes the key material. In this case I can set my brute force cracker on your PDF knowing that your passphrase is something easy to remember not like real key material which would be random as a machine could make it.


Author: ptolemytoo PostPosted: Thu Apr 16, 2009 9:37 pm    Post subject:
Thank you very much for your well reasoned response,

I'm going to assume that, in the absence of a targeted and motivated attack--which there is no reason to expect--and with a good, random password containing numerals and other non alphabetic characters, that the document will be safe enough.

I believe later versions of Acrobat use AES encryption which I assume will be more secure. It remains for me and the recipient to upgrade to Acrobat Ver. 9.0.



Networking/Security Forums -> Cryptographic Software and Hardware

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group