4
I want to protect my PDF with a strong password.
But I heard that it can be cracked.
Is it true that strongly-password-protected PDF can be cracked?
Edit: This is my real scenario. I want to sell my ebooks on the web. Recently there are many sites that shares ebooks. I don't want it to happen so I need a password-protected scheme applied to my ebooks. I hope buyers cannot remove and modify the contents; the integrity must be protected.
xport
Posted 2011-07-07T10:02:31.660
Reputation: 2 075
3
Yes, that is true. If that is very important to you, I cannot think of a format that will protect you. There are dozens of tools out there that can break, or remove passwords from PDFs.
It is worth noting, that often passwords can be removed, so it does not matter if it can be broken in the literal sense. Thankfully, they will keep out all but the most determined.
KCotreau
Posted 2011-07-07T10:02:31.660
Reputation: 24 985
Just out of curiosity, could you elaborate on why this is or how these tools work? Is it a security flaw in the way PDFs are encrypted or are they just brute-force? – slhck – 2011-07-07T10:09:05.163
So what should I do if I want to get password protected PDF? – xport – 2011-07-07T10:09:05.227
@xport: You may put the pdf in an encrypted archive. Maybe that is more save... – Michael K – 2011-07-07T10:12:12.023
@slhck I am not 100% sure how in this case, but it is very probably roughly the same model as for breaking a Windows password: They know where the data is stored, so they use a low-level editor to simply remove the data that protects it, rather than trying to brute-force it. Easier to just remove it. – KCotreau – 2011-07-07T10:12:26.163
@Michael K You have to assume he wants someone to eventually read it, so it won't be in an archive then, encrypted or not. – KCotreau – 2011-07-07T10:13:17.690
@xport There is not guaranteed way to protect your document. Can you tell me more about what you are trying to protect and from whom? – KCotreau – 2011-07-07T10:14:02.493
@KCotreau you're right, but I cannot think of any way to protect a file without encrypting it in any way. – Michael K – 2011-07-07T10:14:43.973
@Michael: If I sell password-protected ebooks on the web, encrypting them in encrypted archives might not be convenient for the buyer. A bad buyer can also remove the protection and share my book on the web. – xport – 2011-07-07T10:14:49.713
"A bad buyer can also remove the protection and share my book on the web" This will always be a problem for you. A soon as the first pdf is sold, it will eventually be illegally spread over the internet. – Michael K – 2011-07-07T10:16:08.887
@slhck http://www.tech-faq.com/how-does-pdf-password-recovery-work.html
– KCotreau – 2011-07-07T10:16:20.4634@xport The real question you want to ask is "What is the best way to protect an ebook. Go ask it as a new question, and let me post some advice there, instead of in here. – KCotreau – 2011-07-07T10:19:42.380
@KCotreau. +1 and accepted. Thanks. – xport – 2011-07-07T11:36:16.553
@xport Thank you again. I really do appreciate it. – KCotreau – 2011-07-07T11:38:05.760
8
Why try to protect it ? I totally understand you don't want to find it the next day after release on p2p/rapidshare/etc... but be aware that if someone is interested to put it here your book will end here anyway, whatever you do.
Protecting the pdf with a password only guarantees you to sell one copy. The minute you mail the password to your first customer he can upload it anywhere without even cracking it, just by submitting the password with the file.
If your book draws attention on pirates networks, be happy, that means you have a market for your book ; if you are angry about it, too bad, you can't do anything !
Have a look here for a new (and successful) way to distribute your ebooks, may not be what you want but you'll see more of those initiative in the future.
Shadok
Posted 2011-07-07T10:02:31.660
Reputation: 3 760
5Theoretically every password and every encryption can be cracked. You should find a way to protect it strong enough that it would take to much effort to crack it. – Michael K – 2011-07-07T10:06:03.230
DRM is broken by design. What if a buyer uploads the password alongside the PDF? If it is a user-specific password, what hinders the user to reprint the PDF without encryption and upload that one? – Bobby – 2012-10-23T14:59:02.227