pdf password protection

Unlock PDF Files

Remove PDF Password Protection

Removing passwords from PDF files

A History of PDF Password removal

It is possible to use passwords to protect PDF files from being opened, printed or altered. A PDF file that has been secured with the help of a strong and robust password has supposedly enough protection in order to avoid duplication or distribution by unauthorised users (assuming of course that the recipient who has been given the password in order to open it does not share this with others…). The creator of a PDF file can use password protection to limit user access to the file (document contents are encrypted), prevent printing, copying of text from the file, and editing the content in the document. However, the question arises as to what needs to be done if the original password created by the user has been forgotten?

Free 15 Day Trial

Secure PDFs without Passwords

Stop unauthorized access and sharing
Control use – stop copying, editing, printing, etc.
Lock PDFs to devices, countries, locations
User and PDF expiry, revoke files at any time

There are a number of PDF password remover tools that are easily available on the Internet in order to access lost passwords. Here, it is important to mention that PDF password protection remover tools were initially invented to be used only under appropriate circumstances – that is only if the original creator of the PDF file has lost the password and if the user has the legal right to view and modify the PDF but does not have the password. However as with all applications their use was quickly misused for gaining access to files by unauthorized users and/or removing PDF restrictions.

One might ask how PDF password remover tools came to be so effective? This article provides a clue – How Adobe encrypts PDF files – “Adobe’s PDF protection scheme is a classic example of security through obscurity. They encrypt the content of a PDF file and hope that no one figures out how to decrypt it.”

Not only are PDF password remover programs highly effective in easily decrypting PDF files, but many of them are available for free. They use various methods to remove PDF passwords such as dictionary attacks – basically they have a massive dictionary of popular and common passwords, and they will try all of them to see if any work. The process takes maybe a few minutes to run through thousands of these. Typical passwords NOT to use include: 123456, 123456789, password,. admin, 12345678, qwerty, 1234567, 111111, photoshop, 123123, 1234567890, 000000, abc123, 1234, adobe1, macromedia, azerty, iloveyou, aaaaaa, 654321, fred. If you want to share PDF files securely then using obvious passwords is not going to provide much protection.

PDF Password cracking Timeline

2001
Adobe PDF Security and FileOpen cracked
Feds arrest Russian cracker for breaking Adobe’s PDF security controls. Last year ElcomSoft produced a piece of software that cracked FileOpen’s code since it relies on Adobe Acrobat to provide PDF security.
2003
Elcomsoft break 40 bit Adobe PDF Encryption
ElcomSoft’s Advanced PDF Password Recovery software makes it easy to remove both password encryption and usage restrictions from Adobe Acrobat PDF files. It provides super-fast guaranteed recovery of PDF files with 40-bit encryption.

2003
2006
ElcomSoft release PDF password cracker that breaks 128 bit encryption
ElcomSoft’s CEO said that document-level password protection technically isn’t DRM (digital rights management). Because of the plug-in architecture of Acrobat and PDF readers, it makes PDF a less-secure platform for DRM.
2007
Adobe 8 PDF password security broken
A single click of a button in pdf-Recover will remove the password, regardless of whether it has been encrypted using 40-bit RC4, 128-bit RC4 or even the latest 128-bit AES Adobe 8 Generation technology.

2007
2008
Elcomsoft removes Adobe Acrobat PDF 9 passwords easily
ElcomSoft claim that despite the 256-bit encryption Acrobat 9 passwords are susceptible to more efficient brute forcing than Acrobat 8 due to poor implementation – a password checking routine consist of just one call to SHA256 hash function.

Types of PDF Passwords

In the Adobe PDF standard there are two passwords you can apply to encrypt a PDF file:

The Document Open password – required to open the PDF
The Permissions password – required to set, change, or remove PDF restrictions

The stronger the document open password the longer it will take to crack or remove with PDF password remover tools. The permissions password however can be broken trivially no matter how strong it is due to inherant weaknesses (or flaws) in the design of the Acrobat Standard Security handler. See How Secure Is PDF?

In fact, when it comes to removing PDF permissions you don’t even need to use a PDF password remover program – there are other simpler methods – see Removing PDF Restrictions below – to trivially remove the permissions password and do what you like with the document

You therefore must add a Document Open password to the PDF or the permissions password can be simply removed. However the dilemma here is that people you are sending protected PDF documents to need to have the Document Open password in order to read them. So the only protection provided is if someone (i.e. an unauthorized user) gets hold of a protected PDF, not knowing what the password is. But even here PDF password remover companies provide PDF cracking tools that will remove the Document Open Password unless it is very strong.

Types of PDF Password remover tools & technology

If you are looking at PDF password remover tools for your legitimate use (to unlock PDF files that you have forgotten the password for) then you will need to exercise a great deal of caution with freely available password remover tools. Most password remover tools that are free require the user to download irrelevant software onto their computer. Some PDF password remover tools, for example a well known password remover software known as “PDF Unlocker”, gets the user to install unnecessary plug-ins and browser toolbars in order to use the tool. It is important to be highly cautious while downloading such tools, as often these additional extensions and plug-ins are nothing but completely unnecessary bloatware that slow down computer performance.

Current cracking tools use several techinques to remove a PDF User password and unlock PDF files:

Common password lists – this tries the most poplular words people often use as password – e.g. password, master, 123456, etc. If the common passwords fail they switch to using words from dictionaries.
Dictionary attacks – this tries common words found in a dictionary, often in several different languages. Single dictionary words can be cracked in minutes.
Brute force – they start with a password that is a blank field, add 1 bit and try that. If it fails they add another bit and try again until they find it, which is guaranteed. So the shorter the password the quicker the cracker gets there.
Rainbow table – a list of pre-computed hashes (the numerical value of an encrypted password) of all possible password combinations for any given hashing algorithm.

How to remove password from PDF files

To remove PDF password protection from a PDF file, look into some of these safe PDF password remover tools:

PDF Password remover tools

Elcomsoft – removes PDF user and owner passwords. Adobe PDF user passwords removed by brute force and dictionary attacks
Openwall – a fast password cracker for PDF and other file types
Gua PDF – for small PDF files, when the Owner password has been forgotten or misplaced
Wondershare PDF Password Removal – PDF decryption tool for removing PDF permissions password
Free My PDF – a web-based PDF encryption removal tool for removing PDF restrictions
PDF unlock – through the web portal of the software, password protection from PDF documents can be removed (pdf restrictrions removal only)

All of the PDF password remover tools can easily remove the Permissions password (and thus the document restrictions) in seconds.

However the document open password may be harder to remove depending on the strength of the password used (length and character combination) and the encryption algorithm. In order to remove the PDF document open password you will have to purchase PDF password remover software as freeware only lets you remove the permissions password (removes PDF restrictions). Some companies such as Elcomsoft specialize in PDF password remover tools using various methods such as dictionary attacks and brute force to eventually crack the password.

Be wary of PDF password remover tools that offer an online service because you have to upload your PDF file to their servers and it is decrypted there. If you have confidential information stored in the PDF you may therefore want to consider PDF password remover software that you install on your computer.

Reasons not to Password Protect PDF files

Password removal software
Password removal or password cracking programs have been around a long time as free web downloads and are very effective.
Passwords are insecure
There are lists of popular passwords, showing that manual password selection is seriously flawed as an approach. PDF password removal programs take advantage of this.
Any password can be removed
Some password removal programs, such as those from Elcomsoft, target very specific environments – removing Adobe PDF passwords, ZIP, RAR, Microsoft Office XP, PGP Keys, etc.
PDF passwords can be removed in seconds
Access is often provided within seconds or minutes – the weaker the PDF password the easier it is to remove. An Adobe permissions password can be removed in seconds no matter how strong it is.

Removing PDF Restrictions without Password remover tools

PDF permissions are ‘protected’ with the use of an Permissions password. However the Permissions password can be easily removed in seconds without using PDF password remover tools:

they can be bypassed easily using a Mac – see Bypassing Adobe Security controls on the Mac
third party PDF readers do not have to honor these controls so they may not necessarily be applied anyway
using Google Drive – see Print secured PDF files & remove restrictions passwords

The reason PDF restrictions password removal is so simple is that Adobe relies on the honor system for PDF password security (i.e. please obey the restrictions placed on this document). So it would be fair to say that applying PDF Permissions passwords are a waste of time because all of the above methods effectively renders them useless.

Remove protection from PDF files – is it that easy?

A well-known technology website offered technical experts the opportunity to crack a 10,000+ entry-encrypted password document and asked them to breach into the security of the file. The winner of the project was able to get over 95 percent of the entries while the other participants were able to crack 75 percent, in just a matter of few hours. How the ‘crackers’ did it was through the unfortunate and irresponsible use of non-randomized passwords by the account holders. Some of the commonly used passwords in the encrypted file included “123456,” “1234567,” “password,” hello123,” “hello1,” “admin” etc.

Locking PDF documents with passwords is an extremely sensitive concern given the value and importance of the contents contained within them. Having said that, it is also important for users to be extremely cautious when sharing PDF files and documents amongst one another, as this may cause documents to be inadvertently leaked to unauthorized parties. There have been cases where even after much caution; documents have fallen into unintended hands. This is why it is extremely significant to integrate additional safety measures to documents in addition to strong PDF passwords.

Unlocking password protected PDFs is more likely if the password protecting them is simple and weak – PDF documents are only as safe as the passwords that are safeguarding them. To prevent the data breach of a PDF file, make use of passwords that are more than seven characters long and that also include at least one number and one special character. Experts widely agree that simple words such as a straight dictionary word should not be used. Also, refrain from using short length passwords. See PDF Password Tips.

Protection against PDF password remover tools

To prevent users removing PDF protection, employ a secure solution that does not use passwords for protection or exposes keys to users or any third party interfaces or applications.

Locklizard PDF protection software for example protects PDF documents without the use of passwords so there are none to forget or pass on to others.

We use AES 256 bit encryption, real-time licensing, and public key technology, and keys are not exposed to any interface for attack so unauthorized users cannot unlock PDF files. We do not rely on Adobe for security (the Adobe Security Handler is seriously flawed) or insecure plugins to any third party applications – see our DRM Technology for the methods we use to protect PDFs from unauthorized use or misuse. PDF files are locked to individual devices so they cannot be shared and additionally can be locked to IP ranges and country locations.

Protect and control your PDF documents securely no matter where they reside.

Customer Testimonials

PDF Password Protection	Password Protecting PDFs	History of PDF Passwords	Using Passwords to Protect PDF files
How to Password Protect PDFs	Remove PDF Password Protection	Cracking Password Protected PDFs	Protect PDFs without Passwords
PDF Security Issues	PDF Digital Rights Management	PDF Encryption	PDF Security