How good is PDF password protection?

20

5

It appears that Word's password protection is not really good, at least until Office 2003, if I read this SU entry correctly. I'm under the impression that Acrobat's PDF password protection should be better (it says 128-bit AES for Acrobat 7 and higher). Is that true?

Of course, it depends on the strength of the password used, but assuming I protect my PDF with a password like sd8Jf+*e8fh§$fd8sHä, am I on the safe side?

Like, say, for sending confidential patient information - not really valuable, but potentially highly sensitive.

Tim Pietzcker

Posted 2009-10-16T13:10:18.140

Reputation: 2 338

4 Just as a side note: note that PDF can also have a password that only restricts certain usage, like to forbid printing. Those passwords are much more easily cracked than passwords that protect the document itself. (But that is not what this question is about.) – Arjan – 2009-10-16T13:45:36.537

Given a few of the answers: please make clear if you want protection to avoid opening the document, or to avoid things like printing or selecting/copying text. – Arjan – 2009-10-16T16:04:28.703

I want to protect the document from being opened without the correct password. – Tim Pietzcker – 2009-10-16T19:38:57.333

Answers

12

From the Adobe site - Securing documents with passwords:

The Acrobat 3 And Later option uses a low encryption level (40‑bit RC4), while the other options use a high encryption level (128‑bit RC4 or AES). Acrobat 6.0 And Later lets you enable metadata for searching. Acrobat 9.0 And Later encrypts the document using the AES encryption algorithm with a 256-bit key size.

So apparently 7 will use 128-bit AES. I'd say you're very safe, especially with a password like that. The National Institute of Standards and Technology agrees:

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.

John T

Posted 2009-10-16T13:10:18.140

Reputation: 149 037
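To confirm which of the encryption levels in the Adobe quote above a given file actually uses, the /Encrypt dictionary can be read directly. This is an added example, not code from any of the posters; the sample bytes are constructed, and the regex-based parsing assumes the standard security handler with the dictionary stored as plain text.

```python
import re

# Constructed sample: skeleton of an encrypted PDF (placeholder /O and /U, not a real file).
SAMPLE = (b"%PDF-1.6\n"
          b"7 0 obj\n<< /Filter /Standard /V 4 /R 4 /Length 128 /P -1340\n"
          b"/CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen /Length 16 >> >>\n"
          b"/StmF /StdCF /StrF /StdCF /O <00> /U <00> >>\nendobj\n"
          b"trailer\n<< /Size 8 /Root 1 0 R /Encrypt 7 0 R >>\n%%EOF\n")

def _int(d, key, default=None):
    """First integer value of /key in dictionary bytes d."""
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", d)
    return int(m.group(1)) if m else default

def encryption_dict(pdf):
    """Return the raw /Encrypt dictionary bytes, or None if the file is not encrypted."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref:  # usual case: the trailer points at an indirect object
        pat = rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2) + rb"\s+obj(.*?)endobj"
        obj = re.search(pat, pdf, re.S)
        return obj.group(1) if obj else None
    inline = re.search(rb"/Encrypt\s*<<(.*)", pdf, re.S)  # dictionary written inline
    return inline.group(1) if inline else None

def describe(pdf):
    """Map /V, /R, /Length and /CFM to the cipher and key size in use."""
    d = encryption_dict(pdf)
    if d is None:
        return "not encrypted"
    if not re.search(rb"/Filter\s*/Standard", d):
        return "non-standard security handler"
    v, r = _int(d, b"V", 0), _int(d, b"R", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", d)
    cfm = cfm.group(1).decode() if cfm else None
    if v in (1, 2):   # V1 is always 40-bit RC4; V2 is RC4 with /Length bits (40 to 128)
        bits = 40 if v == 1 else _int(d, b"Length", 40)
        return f"{bits}-bit RC4 (R{r})"
    if v == 4:        # crypt filters: /AESV2 is AES-128, /V2 is RC4
        return f"128-bit AES (R{r})" if cfm == "AESV2" else f"RC4 via crypt filter (R{r})"
    if v == 5:        # AES-256: R5 is the Acrobat 9 scheme, R6 its PDF 2.0 successor
        return f"256-bit AES (R{r})"
    return f"unknown (V={v}, R={r})"

if __name__ == "__main__":
    print(describe(SAMPLE))
```

A result of 40-bit RC4 means the key itself can be searched exhaustively, so the strength of the password no longer matters.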

3

Of course, it depends on the strength of the password used, but assuming I protect my PDF with a password like sd8Jf+*e8fh§$fd8sHä, am I on the safe side?

With such a password your documents will be pretty much well protected. Especially under Acrobat 7 and 8.

Under Acrobat 9, Adobe made changes to the underlying algorithm. And while they upgraded the encryption to 256-bit AES, the algorithm allows for brute force and dictionary attacks to waste less processor cycles on each password interaction. You can read about it in Adobe's blog.

Necessarily, that type of password will be a strong one under Acrobat 9 and will render any brute-force or dictionary attack (pretty much the only means of breaking a pdf protected document) very inefficient methods. And while it needs to be said these tools will perform faster under Acrobat 9, it would still be years before a common user machine could eventually break your password.


One last comment, the size of your password will be the most determining factor in protection, as well as the unique count of characters. So, you can expect to provide a password such as mypaSwURD_frOM2009onMunTH#16, which is easier to memorize (includes purposed typos) and still obtain the same high security level.

A Dwarf

Posted 2009-10-16T13:10:18.140

Reputation: 17 756

On top of this, use words from a different language if you happen to speak one. A dictionary attack will always start with English as being the lowest common denominator (and very well so). – Wolf – 2009-10-16T15:00:00.850

Klingon has worked well for me, very few collisions with English words. Elvish works well too. (Especially since one of our setups at work rejects ANY password with ANY English Dictionary word. Do you know how hard it is to make up passwords that work?) – lornix – 2013-07-25T03:12:36.773

0

Latest crackers can, on machines with the right video cards, use the GPU itself to crack passwords with a brute-force attack at a speed comparable to a super-computer.

If the password wasn't long enough, it will be cracked in a matter of minutes and up to several days.

Conclusion: Only if you use the latest Acrobat version and employ very longggg passwords and no dictionary words, will you be safe enough.

But then, all this will be a wasted effort if your password leaked to the web ...

harrymc

Posted 2009-10-16T13:10:18.140

Reputation: 306 093

0

I seem to remember that one could:

  • Obtain a free/open source PDF printer (i.e. you print to it from your application and it produces a PDF file)
  • Open the protected PDF in Acrobat Reader
  • Print the PDF to the PDF printer, thus ending up with a new PDF file with no protection.

Worth investigating.

Alan B

Posted 2009-10-16T13:10:18.140

Reputation: 337

This is the method the OP is referring to: https://www.howtogeek.com/299457/how-to-remove-a-password-from-a-pdf-file/ – Danny Beckett – 2018-05-23T17:55:53.713

1 I assume the questioner is talking about a password to avoid opening the PDF file. – Arjan – 2009-10-16T16:02:41.233

-1

The simple test is to send a pdf file encrypted as V9.0 acrobat with a password similar to sd8Jf+*e8fh§$fd8sHa, and ask anyone to decrypt it. If after say 10 days no-one has replied with the contents on view then you know your data is safe. However, remember two problems with passwords. 1. Your recipient will have to know what it is - and may leak it as in the next item. 2. It's amazing how powerful key-loggers are. These read your passwords as you type them and potentially send them anywhere without you knowing. Your keyboard 'buffer' is your enemy in this respect. Even PGP suffers the same vulnerability. What's the answer? Place your data-files on a server - where you can only gain access via a two part process. E.g. see how PayPal now optionally allows access only via a new security code sent to your mobile. A PC key-logger would find this difficult to defeat unless your mobile is already infected by a key-logger!

qw211

Posted 2009-10-16T13:10:18.140

Reputation: 7

8 Simply asking someone to try decrypt something and getting no response is not any guarantee of security... – David Fraser – 2013-03-06T14:57:11.903

-1

I wouldn't trust either one, frankly. Password protections built into pdf, word processing, spreadsheets, archiving software... They're nearly all hobbyist systems, put in place to stop people who are honest, not people who are determined. Doesn't matter how securely the password is stored if there are work-arounds (Acrobat is way better than Word, however).

I'd recommend looking into GPG or PGP for actual encryption (they're basically the same program, but PGP is polished, commercial, and expensive, and gpg is open source, a little rough around the edges (as far as user friendliness goes), and free-as-in-beer.) You can integrate them with email, you can save whatever document format is convenient, and you can be sure that, as long as your key exchange procedures are solid, no one is going to be reading your mail.

From a more practical...shall we say legal...point of view, going to full encryption is going to do a lot to show that you've taken due diligence with sensitive data.

Satanicpuppy

Posted 2009-10-16T13:10:18.140

Reputation: 6 169

4 It doesn't sound like you have any specific knowledge of PDF encryption, which would make your answer speculation? – Spike0xff – 2014-09-08T18:33:18.390

-2

This should be a comment to satanicpuppy, but the comments are limited to 600 characters. :-(

I support this (Satanicpuppy's) as being the most sensible answer.

You are looking at the strength of the password as a measure of how secure something is. In this case, you are - as an example - talking about patient data. So the security you are looking for is meant to secure the content not the algorithm or functionality (printing, saving, copy/paste).

While I agree that it might be superdifficult to print a document that is protected that way, PDF has been - and still is - dead easy to decrypt. That way the content can be descrambled and written into another file, with no restrictions whatsoever.

I am by no means a hacker, but the two Python scripts needed for that were so easy to use, even I managed to "free" my Adobe DRM-Protected ebook I just downloaded yesterday... No kidding.

And of course, you'd have a look at Elcomsoft, because there you can find any crack for virtually anything. PDF and Word at the top of the list.

Wolf

Posted 2009-10-16T13:10:18.140

Reputation: 2 425

5 You are looking at the strength of the password as a measure of how secure something is. -- no, I don't think so. I think it's just to say: "I know I have to be aware of brute force dictionary attacks. So, when limiting that chance by using a strong password, how secure is PDF protection?" And your "still is dead easy to decrypt" part needs some sources, for I think it's not true. (Your ebook DRM example seems irrelevant to me here as I think in this question, just like you wrote as well, the encryption "is meant to secure the content" whereas DRM is to stop duplication.) – Arjan – 2009-10-16T15:10:28.383

You are looking at the strength of the password as a measure of how secure something is. -- no, I don't think so. -- That was what the author of the post said. He compares Adobe's 128AES-Encryption to MS Word's... And your "still is dead easy to decrypt" part needs some sources -- Although I don't like your aggressive tone, Mr. Arjan van Bentem, I'd ask you to either google for "Adobe INEPT", look at Elcomsoft's offerings or check a website with a name likely something like free my pdf. Just because my experience is different than yours shouldn't make you arrogant. And don't lecture me – Wolf – 2010-01-19T17:08:36.797