The Naked Scientists

The Naked Scientists Forum

Author Topic: Has PDF encryption been cracked ?  (Read 14050 times)

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Has PDF encryption been cracked ?
« on: 19/10/2012 01:50:51 »
Is PDF encryption crackable other than by trial and error methods, (e.g. brute force, dictionary attack).

i.e. is there a cryptographic flaw ?.

The quote below could just be scaremongering to drum up business ...

Quote
One site ... will decrypt Adobe PDF files regardless of whether they have user or owner passwords set and regardless of whether they are protected by 40 bit or 128 bit encryption.
http://www.locklizard.com/pdf-encryption-security.htm

Attached is an encrypted PDF I created, feel free to try to open it
« Last Edit: 19/10/2012 02:22:51 by RD »


 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #1 on: 19/10/2012 17:08:54 »
There are a couple of types of PDF encryption, including allowing the PDF to be read, but not printed or edited.  I believe there may be some simple work-arounds to such locking the PDFs.

Open-type encryption is more difficult to disable.  However, I believe some of the "crack" programs for MS Office, as well as Adobe products exist.
 

Offline JP

  • Neilep Level Member
  • ******
  • Posts: 3366
  • Thanked: 2 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #2 on: 19/10/2012 17:31:18 »
Quote
One site ... will decrypt Adobe PDF files regardless of whether they have user or owner passwords set and regardless of whether they are protected by 40 bit or 128 bit encryption.
http://www.locklizard.com/pdf-encryption-security.htm

Looks like scaremongering.  The site only removes printing/editing protection without using brute force.  For decryption, they use brute force attacks (though they'll offer to sell you software that accesses massively parallel clusters to do it).
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #3 on: 19/10/2012 20:35:55 »
... For decryption, they use brute force attacks (though they'll offer to sell you software that accesses massively parallel clusters to do it).

If brute force is the only way then my 20 character PDF password is safe, even with a massive array ...



https://www.grc.com/haystack.htm
 

Offline JP

  • Neilep Level Member
  • ******
  • Posts: 3366
  • Thanked: 2 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #4 on: 19/10/2012 20:41:57 »
Yup.  Unless they have a quantum computer, your file is safe.
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3823
  • Thanked: 19 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #5 on: 20/10/2012 19:54:39 »
It may not be as difficult to crack as it seems on first sight I think a little bit of clever image processing on the pixelated original could well reveal the plain text (Rather like listening to the whirring noises the Enigma machine made).
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #6 on: 20/10/2012 23:32:57 »
...a little bit of clever image processing on the pixelated original could well reveal the plain text

Squinting can sometimes descramble pixelation  ... http://en.wikipedia.org/wiki/Pixelization#Alternative_techniques

[ but not in the example above ]
« Last Edit: 21/10/2012 17:42:10 by RD »
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3823
  • Thanked: 19 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #7 on: 21/10/2012 19:20:52 »
I would like to see someone skilled in the use of Photoshop, OCR etc have a go at it by merely reducing the size about four characters become readable.
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #8 on: 22/10/2012 00:01:55 »
I would like to see someone skilled in the use of Photoshop, OCR etc have a go at it by merely reducing the size about four characters become readable.

The neighbouring numbers have an effect on the pixel pattern ...



It would be possible to create a reference database of pixel patterns of all possible 3 number groups, then compare the unknown pixel pattern with that database to decipherer it. 
« Last Edit: 22/10/2012 00:03:49 by RD »
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #9 on: 27/10/2012 23:16:25 »
Just had go with the PDF password cracking program.
A dictionary attack of 1/4 million words takes eight seconds.
It got the password "scientist" in five seconds ...



with that performance the passphrase "nakedscientist" would take about 23 days to find if you knew the password was two dictionary words concatenated.
« Last Edit: 27/10/2012 23:32:35 by RD »
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3823
  • Thanked: 19 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #10 on: 28/10/2012 00:28:19 »
As the Bletchley park crowd soon found out a little intelligent guess work will make up for a lot of lack of raw computing power.
It is almost certain that "scientist " is preceded by "Naked" one has to be so careful when encoding not to make things easy.
A little squinting or proper image processing will show some more characters in the pixelated version.
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Has PDF encryption been cracked ?
« Reply #11 on: 28/10/2012 04:41:12 »
It is almost certain that "scientist " is preceded by "Naked" one has to be so careful when encoding not to make things easy.

The password cracker doesn't get partial-match feedback: it takes a guess and the answer is either yes or no as to whether the guess matches the password. They don't get info like "the second letter is an 'a' ", or "the password ends 'scientist' ", or "you've guessed 13 of the 14 letters correctly", (they don't even know how long the password is).
« Last Edit: 29/10/2012 01:37:51 by RD »
 

The Naked Scientists Forum

Re: Has PDF encryption been cracked ?
« Reply #11 on: 28/10/2012 04:41:12 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums