Adobe Admits New PDF Password Protection Is Weaker

From PC World: Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to recover a password and raising concern over the safety of documents, according to Russian security firm Elcomsoft.

Elcomsoft specializes in making software that can recover the passwords for Adobe documents. The software is used by companies to open documents after employees have forgotten their passwords, and by law enforcement services in their investigations.

For its Reader 9 and Acrobat 9 products, Adobe implemented 256-bit AES (Advanced Encryption Standard) encryption, up from the 128-bit AES encryption used in previous Acrobat products.

The original 128-bit encryption is strong, and in some cases it would take years to test all possible keys to uncover a password, said Dmitry Sklyarov, information security analyst with Elcomsoft.

But Elcomsoft said the change in the underlying algorithm for Acrobat 9 makes cracking a weak password -- especially a short one with only upper and lower case letters -- up to 100 times faster than in Acrobat 8, Sklyarov said. Despite using 256-bit encryption, the change to the algorithm still undermines a document's security.

View: Article @ Source Site