Need better security
2 views
Skip to first unread message
p-pdf-general Listmanager
Jun 15, 2005, 10:01:33 PM6/15/05
to
From: "cbudde" <skyw...@yahoo.com>
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
Is there a 3rd party product that provides security that a program like Advanced PDF Password Recovery can't hack. I need to make artfiles available for viewing but have found that Acrobat's 128 bit security is hackable. An suggestions?
To reply: mailto:p-pdf-gene...@forum.planetpdf.com
To start a new topic: mailto:p-pdf-...@forum.planetpdf.com
To login: http://forum.planetpdf.com/
To (un)subscribe: mailto:p-pdf-general...@forum.planetpdf.com
--------------------------------------------
Nitro PDF Desktop. PDF for the people. PDF for business.
Now you have a choice! Nitro PDF Desktop is a cost-effective, fully-featured PDF creation and editing tool for everyone.
Buy now for $99.
http://www.nitropdf.com/desktop
--------------------------------------------
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
Is there a 3rd party product that provides security that a program like Advanced PDF Password Recovery can't hack. I need to make artfiles available for viewing but have found that Acrobat's 128 bit security is hackable. An suggestions?
To reply: mailto:p-pdf-gene...@forum.planetpdf.com
To start a new topic: mailto:p-pdf-...@forum.planetpdf.com
To login: http://forum.planetpdf.com/
To (un)subscribe: mailto:p-pdf-general...@forum.planetpdf.com
--------------------------------------------
Nitro PDF Desktop. PDF for the people. PDF for business.
Now you have a choice! Nitro PDF Desktop is a cost-effective, fully-featured PDF creation and editing tool for everyone.
Buy now for $99.
http://www.nitropdf.com/desktop
--------------------------------------------
p-pdf-general Listmanager
Jun 15, 2005, 10:07:48 PM6/15/05
to
From: "prodok" <m...@prodok.com>
What actions do you want to protect or prevent?
Are the files for a small or a big range of users?
How do you distribute the files?
How much are you willing to spend?
A bunch of questions, agreed. But they may lead to some products, or
thinking about what is needed.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 44 700 20 37
or +1 815 425 6566
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
What actions do you want to protect or prevent?
Are the files for a small or a big range of users?
How do you distribute the files?
How much are you willing to spend?
A bunch of questions, agreed. But they may lead to some products, or
thinking about what is needed.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 44 700 20 37
or +1 815 425 6566
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
p-pdf-general Listmanager
Jun 15, 2005, 10:14:02 PM6/15/05
to
From: "cbudde" <skyw...@yahoo.com>
Need to protect against changing and/or printing files
Files are for a select but tech savvy group
Distribution is via web and email
Willing to spend up to $500
Need to protect against changing and/or printing files
Files are for a select but tech savvy group
Distribution is via web and email
Willing to spend up to $500
p-pdf-general Listmanager
Jun 15, 2005, 10:19:13 PM6/15/05
to
From: "Duff_Johnson" <du...@document-solutions.com>
that's a lot of $ and hassle.
What you say "hackable", what password string did you test? Was it >15
characters long, including number, letters, etc?
My understanding (and I am not fully up to date on APDFPR), is that with
the right type of password, the time-to-crack makes the attempt
meaningless.
I could be wrong, but you should try a nasty password string before
giving up on it.
Duff Johnson
Document Solutions, Inc.
http://www.document-solutions.com
> Is there a 3rd party product that provides security that a
> program like Advanced PDF Password Recovery can't hack. I
> need to make artfiles available for viewing but have found
> that Acrobat's 128 bit security is hackable. An suggestions?
There is... Authentica and Adobe's systems come to mind. However,
> program like Advanced PDF Password Recovery can't hack. I
> need to make artfiles available for viewing but have found
> that Acrobat's 128 bit security is hackable. An suggestions?
that's a lot of $ and hassle.
What you say "hackable", what password string did you test? Was it >15
characters long, including number, letters, etc?
My understanding (and I am not fully up to date on APDFPR), is that with
the right type of password, the time-to-crack makes the attempt
meaningless.
I could be wrong, but you should try a nasty password string before
giving up on it.
Duff Johnson
Document Solutions, Inc.
http://www.document-solutions.com
p-pdf-general Listmanager
Jun 15, 2005, 10:31:45 PM6/15/05
to
From: "prodok" <m...@prodok.com>
> Files are for a select but tech savvy group
OK
> Distribution is via web and email
OK
> Willing to spend up to $500
per file?
if in total, forget it.
Hope, this can help.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 44 700 20 37
or +1 815 425 6566
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
> Need to protect against changing and/or printing files
OK
> Files are for a select but tech savvy group
> Distribution is via web and email
> Willing to spend up to $500
if in total, forget it.
Hope, this can help.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 44 700 20 37
or +1 815 425 6566
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
p-pdf-general Listmanager
Jun 15, 2005, 10:39:00 PM6/15/05
to
From: "cbudde" <skyw...@yahoo.com>
Tried: 3as((=dtll:"c1@ and it took about .10 seconds to crack. This lack of security thing sucks....
Tried: 3as((=dtll:"c1@ and it took about .10 seconds to crack. This lack of security thing sucks....
p-pdf-general Listmanager
Jun 16, 2005, 12:30:46 AM6/16/05
to
From: "Duff_Johnson" <du...@document-solutions.com>
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
> Tried: 3as((=dtll:"c1@ and it took about .10 seconds to
> crack. This lack of security thing sucks....
Hmm...
Just for the hell of it, try a 100 character string, see if it makes any
difference. Tell us what you find out.
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
> Tried: 3as((=dtll:"c1@ and it took about .10 seconds to
> crack. This lack of security thing sucks....
Just for the hell of it, try a 100 character string, see if it makes any
difference. Tell us what you find out.
p-pdf-general Listmanager
Jun 16, 2005, 12:43:11 AM6/16/05
to
From: "nkatz" <nk...@aspensys.com>
Note that Advanced PDF Password Recovery does character-by-character
attacks only when there are both Master and Open passwords; when the PDF
file only has a Master password, it is effectively instantaneous to
strip the security and write out a new (unsecured) copy of the file.
Noah Katz
Development Analyst
Aspen Systems Corp.
mailto:nk...@aspensys.com
301-519-6436
.
The information contained in this transmission may be attorney/client
privileged and/or confidential information intended for the use of the
individual or entity named above. If you are not the intended recipient,
please let us know by return email and delete it from your system. If
you are not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited.
Note that Advanced PDF Password Recovery does character-by-character
attacks only when there are both Master and Open passwords; when the PDF
file only has a Master password, it is effectively instantaneous to
strip the security and write out a new (unsecured) copy of the file.
Noah Katz
Development Analyst
Aspen Systems Corp.
mailto:nk...@aspensys.com
301-519-6436
The information contained in this transmission may be attorney/client
privileged and/or confidential information intended for the use of the
individual or entity named above. If you are not the intended recipient,
please let us know by return email and delete it from your system. If
you are not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited.
p-pdf-general Listmanager
Jun 16, 2005, 12:47:25 AM6/16/05
to
p-pdf-general Listmanager
Jun 16, 2005, 12:48:06 AM6/16/05
to
From: aandi
Was that an OPEN password?
Was that an OPEN password?
p-pdf-general Listmanager
Jun 16, 2005, 12:52:37 AM6/16/05
to
p-pdf-general Listmanager
Jun 16, 2005, 12:55:54 AM6/16/05
to
From: "cbudde" <skyw...@yahoo.com>
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
No, If it had open passwords the hack program would not work. I can't have open passwords because of the distribution situation.
--------- Planet PDF Forum | http://forum.planetpdf.com ----------
p-pdf-general Listmanager
Jun 16, 2005, 1:06:16 AM6/16/05
to
From: aandi
I think all of this discussion was on the basis that you had Open passwords.
I think all of this discussion was on the basis that you had Open passwords.
p-pdf-general Listmanager
Jun 16, 2005, 2:03:30 AM6/16/05
to
From: "Duff_Johnson" <du...@document-solutions.com>
me from downloading the damn thing myself.
> Note that Advanced PDF Password Recovery does character-by-character
> attacks only when there are both Master and Open passwords;
> when the PDF
> file only has a Master password, it is effectively instantaneous to
> strip the security and write out a new (unsecured) copy of the file.
>
> Noah Katz
Ah... thanks, Noah! I knew there was something funny going on. Saved
> attacks only when there are both Master and Open passwords;
> when the PDF
> file only has a Master password, it is effectively instantaneous to
> strip the security and write out a new (unsecured) copy of the file.
>
> Noah Katz
me from downloading the damn thing myself.
p-pdf-general Listmanager
Jun 16, 2005, 4:48:23 AM6/16/05
to
From: "deanlaffan" <em...@realworld.com.au>
files, just that then it IS reduced to brute force attack. In a
brute force attack obviously the key length (number and type of
characters in your password matter)
Without an Open password APDFPR it is trivial for Elcomsoft or any
other programmer to open the file and 'see' where the password is
stored in the file. It then supplies the password to the Acrobat
file and offers to save you a a version without the file. This
process exploits a lack of security in the way Adobe have implemented
security for PDFs.
Knowing the above you can see that any other third party security
measure is going to be hostage to the same weakness unless it adds
another layer of security via it's own. So this will not change
until Adobe re-engineer PDF security.
To be fair to Adobe, this is not a problem unique to them, for every
one person paid a salary to write code there are probably 100 highly
motivated hackers who want to break that security. These need not
(mostly are not) malicious but are usually motivated by the exposure
and kudos that comes from the publicity. Witness the hacking of the T
Mobile system that resulted in Paris Hilton's address book and soft
porn pics published all over the net. The payoff for the kids (and
they were) was the gleeful distribution of the pics and details.
That said, going forward, secirity experts belive an increasing % of
attacks will indeed be malicious as organised crime (worldwide)
tumbles to the scalability and electronic cash aspects of cybercrime.
Regards
Dean Laffan
Real World Productions
93 Lucerne Crescent
Alphington, 3078
Victoria, Australia
Studio 61-3-9443-1644
Mobile 0418-525-315
http://www.realworld.com.au
On 16/06/2005, at 4:55 AM, p-pdf-general Listmanager wrote:
> No, If it had open passwords the hack program would not work. I
> can't have open passwords because of the distribution situation.
It's not that APDFPR won't work against Open password protected
> No, If it had open passwords the hack program would not work. I
> can't have open passwords because of the distribution situation.
files, just that then it IS reduced to brute force attack. In a
brute force attack obviously the key length (number and type of
characters in your password matter)
Without an Open password APDFPR it is trivial for Elcomsoft or any
other programmer to open the file and 'see' where the password is
stored in the file. It then supplies the password to the Acrobat
file and offers to save you a a version without the file. This
process exploits a lack of security in the way Adobe have implemented
security for PDFs.
Knowing the above you can see that any other third party security
measure is going to be hostage to the same weakness unless it adds
another layer of security via it's own. So this will not change
until Adobe re-engineer PDF security.
To be fair to Adobe, this is not a problem unique to them, for every
one person paid a salary to write code there are probably 100 highly
motivated hackers who want to break that security. These need not
(mostly are not) malicious but are usually motivated by the exposure
and kudos that comes from the publicity. Witness the hacking of the T
Mobile system that resulted in Paris Hilton's address book and soft
porn pics published all over the net. The payoff for the kids (and
they were) was the gleeful distribution of the pics and details.
That said, going forward, secirity experts belive an increasing % of
attacks will indeed be malicious as organised crime (worldwide)
tumbles to the scalability and electronic cash aspects of cybercrime.
Regards
Dean Laffan
Real World Productions
93 Lucerne Crescent
Alphington, 3078
Victoria, Australia
Studio 61-3-9443-1644
Mobile 0418-525-315
http://www.realworld.com.au
Reply all
Reply to author
Forward
0 new messages