Chris Faulkner wrote:
Thanks for that - it looks like the PDF decryption can only be done if you
have the owner password, although it apparently has tools to apply brute
force to crack the password, mentioning dictionary attacks. Seems like if
you keep the password long and obscure, it isn't that easy. Does anyone have
any direct experience with these tools ?
No direct experience, but I don't think elcomsoft uses brute force
but rather a design flaw, which isn't fixed even in the most recent
PDF spec. That's why they can crack 128bit encrypted PDF.
A long and obscure password, preferably containing unusual characters,
helps only against dictionary attacks. The password isn't used directly
but a 40bit respective 128bit hash of it instead. Brute force works
nicely against 40bit encryption, regardless of the original password.
It wont recover the original password though.
J.Pietschmann
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
