> From: [email protected] [mailto:[email protected]] On > Behalf Of Scott Ehrlich > > How safe is a password-protected PDF file sent via email? > > I've never run a sniffer to see what could be learned from doing this.
It varies according to the application that creates / encrypts the pdf. But that's probably not very significant. Most of all, there's basically no way to generate a strong enough password to withstand a brute force attack ... Because if you have some secure channel to securely communicate a 43-char long random alphanumeric string with 256bits of binary degrees of freedom, you would probably just use that channel to send the pdf directly. Later versions of Acrobat support S/MIME keys, which are strong enough. You do a key exchange with some recipient and then encrypt, it'll be pretty secure. But complexity is a bit too high for most people. But I see a lot of VPN's out there, and other stuff, configured by people who just don't know or don't care about that. So assuming you're not afraid of a brute force attack... In acrobat 3, they supported 40-bit RC4. Not considered secure today. acrobat 6, 128-bit RC4. Still not secure. acrobat 7, 128-bit AES. Maybe secure today, depending on your needs acrobat 9, 256-bit AES. Generally considered secure today as long as you have a sufficiently strong key (on the order of 256 bits effective entropy) The above are maximums. The default selection is one behind for compatibility reasons. In acrobat 9, you click on security to add encryption to pdf ... the default selection is acrobat 7 128-bit AES. _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
