Answer: Very
There are a number of advantages in using PDF documents, and chief amongst the benefits is the ability to secure the document with the help of a password, as compared to other image files such as TIFFs or JPEGs. If you password protect PDF files then you can restrict the ability of a user in duplicating, editing or accessing text from the document and in some cases prevent the user from printing it. But PDF password protection is not as secure as it might seem…
Unfortunately, in spite of the best interests of the creator of the PDF document to secure the text or other content contained in the file, password protected PDFs can easily be cracked and the document security features removed. A simple search on any major search engine will reveal numerous PDF password removal applications and workarounds that are easily and freely available online. These can be used in unlocking almost any secure PDF for unauthorized edits, sharing, and use with optical character recognition software.
A large number of companies continue to employ reusable, standard passwords to password protect PDF files. Unsurprisingly, these same standard passwords are also used in various other business applications, intranets and extranets, e-mail, CRM and other business programs within the organization. Maintaining confidential information or sensitive data in PDF documents with reusable or standard passwords is highly insecure and risky. This is because passwords can easily be hacked, stolen or guessed (the majority of passwords are weak and the most popular password is 123456); and once the password has been compromised, the PDF document is no longer secure.
In most cases, the document owner is rarely aware that their passwords have been compromised and if the hacker is smart, the fact that the attack has taken place also might never be discovered. For organizations and companies, this means that sensitive business data can be easily duplicated, edited, deleted or even read by unauthorized sources without anyone even knowing a security breach has occurred.
In spite of technological advancements and education surrounding the importance of strong passwords for confidential business information, a large number of companies still have a poor understanding of how easy it is for anybody outside the system to subtly hack into their data. Standard password-based PDF documents are often reused with the same credentials and in most cases these credentials are stored in a password database that is typically maintained on the company’s system. Hence the password to the document can either be acquired by snooping on the user’s network connection, hacking the system’s password file, keyboard tapping or keystroke capturing, stealth infection, searching online for a simple password removing application, or simply by guessing the password or using dictionary attacks. There are a number of powerful password cracking applications that are able to decrypt any password within seconds or minutes through a standard computer – the shorter the password the quicker it is to crack.
ElcomSoft’s Advanced PDF Password Recovery software makes it easy to remove both password encryption and usage restrictions from Adobe Acrobat PDF files. It provides super-fast guaranteed recovery of PDF files with 40-bit encryption.
Password protected PDF files received in Gmail are easily cracked. If you select ‘View as HTML’, the full text of the document will display as HTML, even if the original PDF is secured against content copying/extraction.
AES 128 bit and 256 bit protected PDFs can be cracked. It is the password rather than the encryption algorithm that is cracked using dictionary and brute force attacks.
Acrobat 9 passwords (vs Acrobat 8) can be cracked 100 times quicker by brute force attacks due to a weakened password verification mechanism.
Acrobat X/XI/DC no longer offer Acrobat 9 encryption (PDF 1.7) for protecting new documents (only for decrypting existing documents) due to a weakness in the password checking algorithm.
 |
Types of PDF Passwords & how to crack them |
You can protect Adobe PDF files with two different passwords:
Free PDF password cracking tools will normally only remove the permissions password although some will also remove the PDF document open password if the PDF has been encrypted with 40 bit encryption. However, when it comes to removing PDF restrictions you don’t even need to use a PDF password cracker program – there are other simpler methods – see Removing PDF Restrictions.
To remove the Permissions password you must know the Document Open password. If you don’t then you need to purchase a PDF password cracking program to remove it (free PDF password crackers only remove the permissions password. Some will remove the Document Open password if the document was protected with 40 bit encryption but this is rare unless it was protected with a very old version of Adobe Acrobat). One of the first and best programs for cracking PDFs is Elcomsoft’s Advanced PDF Password Recovery. The professional edition removes PDF document open and permissions passwords using both brute force and dictionary attacks.
 |
How do PDF Password cracker tools work? |
PDF Password cracking tools (usually marketed as PDF Password Recovery tools for legal reasons) use several techniques to remove a PDF Document Open password:
See PDF Password Remover tools for a list of programs that unlock PDF files and how to remove PDF Restrictions without using Password cracking tools.
 |
How long does it take to crack PDF Passwords? |
Any PDF password cracking software can easily remove the Permissions password (and thus the document restrictions) in seconds.
Time to crack the Document Open password will depend on:
Brute force and dictionary attacks can therefore take several days or more to crack a PDF password depending on the above factors. If the PDF password is particularly long you might be waiting a while!
Cracking of PDF files encrypted with 40-bit keys usually takes a few minutes if you use Elcomsoft’s Enterprise edition of Advanced PDF Password Recovery. This is because it attacks the encryption key instead of attempting to guess the password. Other PDF password crackers will take 1-2 days to crack 40 bit encrypted PDFs.
Adobe 9 passwords using AES 256 bit are 100 times quicker to crack because of a security implementation flaw – a password checking routine consist of just one call to SHA256 hash function. It is not the AES 256 bit algorithm at fault but the password checking routine implemented by Adobe which checks if you have entered the correct password or not.
 |
Protection against PDF password cracking |
It is now more critical than ever to employ potent authentication and encryption to secure sensitive PDF documents. In an ideal situation, organizations should get rid of standard, reusable passwords in favor of strong authentication methods like public key technology, tokens, and dongles. Most firms bury their heads in the sand, hoping that their password protected PDF documents remain safe. However, it only takes one incident; an occasion where confidential information is breached that can put the entire reputation of the organization at stake. It is important to consider all that is being risked – the company’s business privacy, client’s confidential data, and financial penalties.
To prevent the unauthorized use of your PDF documents, you need to ditch your password protected PDF files for a PDF DRM system that uses public key technology. With public key technology, there are no PDF passwords to share, break, or forget – decryption keys are securely and transparently transferred and locked to authorized client computers. Locklizard’s PDF document security offers additional security features beyond simple PDF password protection. You can stop screen grabbing software, enforce expiry dates, revoke PDF files at any stage, restrict access to specific users, and log document use.
If you don’t want any real security for your PDF documents then password protecting PDF files is a cheap solution, but if you want to effectively control access to your PDF files no matter where they reside, then you need a PDF DRM system to control access and use.
