Is Adobe PDF encryption secure?
Adobe PDF security uses encryption to protect PDFs and allows you to apply permissions to control what a user can do with a document (print or edit it). The PDF is encrypted with a password (the encryption key) but weak passwords (short or non-complex passwords) can be easily removed in seconds with password recovery or removal software.
Many people think that using Adobe AES 256 bit encryption is much stronger than using 128 bit encryption. However the Adobe implementation of 256 bit encryption (introduced in Acrobat 9) uses just one call to verify the password instead of the 71 calls for 128 bit encryption. Brute-force password attacks therefore became much quicker – back in 2008 Elcomsoft said that a single GPU could process 100 million passwords per second. Adobe released an update to resolve the issue using PDF 1.7 Extension Level 8 (Acrobat X and above) which became part of the PDF 2.0 specification. When you encrypt a PDF it is therefore not a good idea to provide backwards compatibility for PDF v9 files (PDF 1.7 Extension Level 3 or below).
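One way to check which scheme an existing file uses, as an added example that is not from the original page: the standard security handler records its revision as /R in the encryption dictionary, where /R 5 is the Acrobat 9 scheme (Extension Level 3) and /R 6 is the Extension Level 8 / PDF 2.0 scheme. The function name, verdict strings and sample dictionaries are constructed for illustration, and the raw byte scan is a heuristic, not a full PDF parser.

```python
import re

# Constructed sample encryption dictionaries (not taken from real files).
_TMPL = (b"%%PDF-1.7\n9 0 obj\n<< /Filter /Standard /V %d /R %d "
         b"/CF << /StdCF << /CFM /%s >> >> /StmF /StdCF /StrF /StdCF >>\nendobj\n")
SAMPLE_ACROBAT9 = _TMPL % (5, 5, b"AESV3")   # PDF 1.7 Extension Level 3
SAMPLE_PDF20 = _TMPL % (5, 6, b"AESV3")      # Extension Level 8 / PDF 2.0
SAMPLE_AES128 = _TMPL % (4, 4, b"AESV2")


def audit_pdf_encryption(data: bytes) -> dict:
    """Report the standard security handler revision found in raw PDF bytes."""
    m = re.search(rb"/Filter\s*/Standard\b", data)
    if m is None:
        return {"encrypted": False, "revision": None,
                "verdict": "no standard security handler"}
    # Limit the search to the object (or trailer) that holds the dictionary.
    start = max(data.rfind(b"obj", 0, m.start()),
                data.rfind(b"trailer", 0, m.start()), 0)
    end = data.find(b"endobj", m.end())
    region = data[start:end if end != -1 else len(data)]
    rev = re.search(rb"/R\s+(\d+)", region)
    revision = int(rev.group(1)) if rev else None
    methods = set(re.findall(rb"/CFM\s*/(\w+)", region))
    if revision == 5:
        verdict = "weak: Acrobat 9 AES-256 (Extension Level 3), re-encrypt"
    elif revision == 6:
        verdict = "ok: AES-256 (Extension Level 8 / PDF 2.0)"
    elif revision == 4 and methods == {b"AESV2"}:
        verdict = "ok: AES-128"
    else:
        verdict = "review: not AES or revision not recognised"
    return {"encrypted": True, "revision": revision, "verdict": verdict}


if __name__ == "__main__":
    for name, blob in [("acrobat9", SAMPLE_ACROBAT9), ("pdf2.0", SAMPLE_PDF20),
                       ("aes128", SAMPLE_AES128), ("plain", b"%PDF-1.7\n")]:
        print(name, audit_pdf_encryption(blob))
```

To audit a real file, pass the bytes read from it, for example `audit_pdf_encryption(open(path, "rb").read())`.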
PDF permissions (restrictions) can be easily removed regardless of how strong the password is or the encryption algorithm used, and are therefore completely useless – see Removing PDF Passwords.
What PDF encryption algorithm should I use?
The US government approved an algorithm called AES for protecting US government information that is confidential. It has two key lengths, 128 bit and 256 bit (16 or 32 bytes of data). Other algorithms may be available in PDF encryption software but they do not have the recommendation of the US Government.
The PDF 2.0 specification recommends AES 256 bit. However, either key length is perfectly fine – AES 128 bit has a stronger key schedule whereas AES 256 bit is more resistant to brute-force attacks. AES 128 bit is faster and more efficient, and cracking AES 128 with a quantum computer would take about 200 times longer than the universe has existed. As they say, size does not always matter – it is what you do with it that counts…
The most important factor is the password length and complexity (a strong password will use multiple Unicode characters). Using AES 128 bit with a complex 32 character password is more secure than using AES 256 bit with a complex 16 character password. This is because password crackers attack the password rather than the encryption algorithm, since passwords are much easier to break.
However, as mentioned above, even if the PDF encryption software uses AES encryption, if the implementation is not secure then the protection is useless.