[PDF] Protecting a PDF document with a password.
Bethune Sylvain
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hi,
I want to protect PDF documents with a password on-the-fly on HP platform.
I looked in the archive and it seems it's possible but I had no success
trying to produce just a single password-protected PDF file.
Anybody here has a password-protected PDF example?
Anybody here knows how to set up this protection?
Thanks by advance,
____________________________________________
Sylvain BETHUNE
E-Business Communication Association -
Learn More About Membership
http://www.ebusinessca.com/
----------------------------------------------------------------------------
Aandi Inston
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> I want to protect PDF documents with a password on-the-fly on HP platform.
> I looked in the archive and it seems it's possible but I had no success
> trying to produce just a single password-protected PDF file.
Ok, what did you try? What software did you use? And how did it fail?
Aandi
Bethune Sylvain
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Adobe does not support any more Acrobat for HP platform.
I tried these libraries:
http://www.pdflib.com/
http://www.etymon.com/pj/index.html
http://www.rrsys.com/
http://www.retep.org.uk/pdf/
http://www.lowagie.com/iText/
Not found anything there about password encryption management(but maybe I'm
wrong).
No more success here:
http://www.sanface.com/pdfcrypt.html
and there:
http://www.perlstudio.de/pdfever/pdownload.html
Sylvain.
> -----Message d'origine-----
> De: Aandi Inston [mailto:listr...@quite.com]
> Date: Thursday, July 12, 2001 11:24
> À: p...@lists.pdfzone.com
> Objet: RE: [PDF] Protecting a PDF document with a password.
Max Wyss
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Sylvain,
You might look at the products by Appligent, formerly known as
Digital Applications, (http://www.appligent.com). They do have an
extensive collection of UNIX based utilities, and I think their
security tool is ported to HP and could do what wou want to do.
Hope, this can help.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 1 700 20 37
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
>I want to protect PDF documents with a password on-the-fly on HP platform.
>
>I looked in the archive and it seems it's possible but I had no success
>trying to produce just a single password-protected PDF file.
>
>Anybody here has a password-protected PDF example?
>Anybody here knows how to set up this protection?
>
E-Business Communication Association -
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Dov, Aandi, Jason, Max and many other gurus on the list:
Pls comment PDF's security issues in respect to ElcomSoft's AEBPR
"cracking" engine
We obviously need urgent ideas and remedies to avoid/limit damages.
TIA
Best,
Adrian
Please read below:
========QUOTE FROM:================
http://www.wizaerdsrealm.com/forum/index.php?pAction=ShowMessages
Posted By: The PDF Expert
Message: An update to my initial statement.
I said, "I have used the utility sold by ElcomSoft, and can confirm
that it can remove PDF permissions .... An hour ago I used the latest
version of
the ElcomSoft utility (aebpr 2.2) and it also removed the File Open
password instantly.
This new version will also remove most, if not all DRM (digital
rights management) features from Adobe eBooks that are designed only
to be read with the Adobe eBook Reader version 2.2. I have also
tested this with a secured eBook from Adobe's own website, and can
confirm that all DRM security features can be removed and the eBook
can be made into a plain old PDF file with no security at all.
So ladies and gents, there you have it. PDF security, even with 128
bit encryption is completely dead in the water.
The moment you give the file open password to anyone, all excryption
and security gets flushed down the toilet with a very simple and
inexpensive (there's even a free working demo) utility, that anyone
can get their hands on.
If anyone doesn't believe me then feel free to post a fully
protected PDF somewhere and send me the link via email at:
bry...@sympatico.ca
In a few minutes I will be able to send you back a completely
unprotected version of your file, as well as a second version with
brand new passwords of my choosing, and you won't even be able to
open your
own stuff!!!
If that doesn't scare you, then I guess nothing will ((-:
========ENDQUOTE================
========ANOTHER QUOTE FROM:================
http://www.ElcomSoft.com/aebpr.html
Now it's time for the brutal truth on Adobe eBook protection
We claim that ANY eBook protection, based on Acrobat PDF format (as
Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature
of this format and encryption system developed by Adobe. The general
rule is: if one can open particular PDF file or eBook on his computer
(does not matter with what kind of permissions/restrictions), he can
remove that protection (by converting that file into "plain",
unprotected PDF. Not very much experience needed.
In brief: ANY security plugin (actually, eBooks are protected with
security plug-in as well: EBX) does nothing but returns a decryption
key to Adobe Acrobat Reader or Adobe Acrobat eBook Reader.
Plug-in can make various hadrware verifications, use parallel port
dongles, connect to the publisher's web site and use asymmetric
encryption, etc, but all ends up with a decryption key, because the
Reader needs it to open the files. And when the key is there, we can
use it to decrypt the document removing all permissions.
Below is the list (not complete) of Acrobat-based protections
supported by Advanced eBook Processor:
"standard" PDF encryption,
BPTE_Rot13 (used by New Paradigm Resources Group, Inc.),
FileOpen (by FileOpen Systems),
SoftLock (by SoftLock Services, Inc.),
InterTrust DocBox,
Internet Standards Australia
Adobe's Web Buy
Adobe's eBook Reader (GlassBook Reader)
We claim that by aggressively pushing of standards, unapproved by
professional cryptologiests, to the fast growing electronic books
market and with pursuing of independent researchers who tries to
highlight the problems, Adobe Systems violates the rights of books
authors and publishers, which may result the unauthorised
distribution of their books in the Internet.
In addition, we would like to state our intention to publish the
sources of our software in the Internet, and do our best to make them
available to everyone all over the world if Adobe Systems continues
to pursue us.
========ENDQUOTE================
--
Dr.Ing. Adrian Fulga / Technical Director
------------------------------------------------
APTM SA
Advanced Powder Technology and Micronisation
CH-6854 Lugano-Stabio, Switzerland
..............specialized in FDA-approved ..........
SuperJet - spiraljetmill/micronisers
SuperMix - highshear powder mixers
SuperFeed - precision twinscrew feeders
SuperSieve - online powder sievers
SuperFilter - efficient dust separators
--------------------------------------
Tel [main] +4191-647-4849
Tel [alternate] +4191-647-4850
Fax +4191-647-4851
<frontdesk email> mailto:in...@aptm.com
<helpdesk email> mailto:ap...@tinet.ch
<direct email> mailto:afu...@aptm.com
for more info visit us at http://www.aptm.com
========================
NOTICE - This email may contain confidential and privileged
material for the sole use of the intended recipient.
Any review or distribution by others is strictly prohibited.
If you are not the intended recipient please contact the sender
and delete all copies.
Legal privilege is not waived because you have read this e-mail.
Leonard Rosenthol
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
At 11:32 PM +0200 7/12/01, Adrian Fulga wrote:
> The moment you give the file open password to anyone, all excryption
>and security gets flushed down the toilet
Right there is the crux of the matter! If you give out the
password(s), then NO ENCRYPTION/DRM solution is secure.
HOWEVER, if you apply an "owner" password to a PDF file and
do NOT give that password out - then ElcomSoft's tool can NOT remove
the DRM.
Leonard
--
--------------------------------------------------------------------------
Leonard Rosenthol <mailto:leon...@appligent.com>
Director of Software Development (215) 922-3509 (voice)
Appligent, Inc. (aka Digital Applications) (610) 284-4233 (fax)
PGP Fingerprint: 8CC9 8878 921E C627 0BC1 15BB FC19 64A9 0016 1397
RADCO IN
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> > The moment you give the file open password to anyone, all excryption
> >and security gets flushed down the toilet
>
> Right there is the crux of the matter! If you give out the
> password(s), then NO ENCRYPTION/DRM solution is secure.
>
> HOWEVER, if you apply an "owner" password to a PDF file and
> do NOT give that password out - then ElcomSoft's tool can NOT remove
> the DRM.
I must apologize as I don't seem to remember reading any previous topics on
this thread. Are you saying that there's a tool out there that can crack PDF
passwords?
Such a tool would be extremely serious for our company; we selected Acrobat
on the basis of its ability to produce highly secure documents. (We have 5.0
but we will NOT be using it. There fore I'm talking about the security in
4.05.)
Under what conditions is the passwords at risk?
Andy Jones
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
For more details, look at this page on PDFZone.
http://www.pdfzone.com/news/index.asp?storyid=440
----- Original Message -----
From: "RADCO IN" <rad...@bnin.net>
To: <p...@lists.pdfzone.com>
Sent: Friday, July 13, 2001 2:37 PM
Subject: Re: [PDF] PDF's protection cracked by ElcomSoft's AEBPR ?
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> > The moment you give the file open password to anyone, all excryption
> >and security gets flushed down the toilet
>
> Right there is the crux of the matter! If you give out the
> password(s), then NO ENCRYPTION/DRM solution is secure.
>
> HOWEVER, if you apply an "owner" password to a PDF file and
> do NOT give that password out - then ElcomSoft's tool can NOT remove
> the DRM.
I must apologize as I don't seem to remember reading any previous topics on
this thread. Are you saying that there's a tool out there that can crack PDF
passwords?
Such a tool would be extremely serious for our company; we selected Acrobat
on the basis of its ability to produce highly secure documents. (We have 5.0
but we will NOT be using it. There fore I'm talking about the security in
4.05.)
Under what conditions is the passwords at risk?
Adrian Fulga
The ElcomSoft utility worked flawlessly!
Here is what I was able to easily achieve, in mere seconds, on a regular PC.
1) Remove the Master Password and all the restrictions** it controls.
2) Remove the User Password*** (File Open), 40 and 128-bit RC4 encryption.
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Leonard,
Are you kidding?
What good to protect a PDF and to not give the user the password to open it.
However, keep reading my other messages on this subject.
Now I have CONFIRMATION that ElcomSoft's program CAN CRACK ANY PDF.
Best,
Adrian
At 18:21 -0400 12.07.2001, Leonard Rosenthol wrote:
>At 11:32 PM +0200 7/12/01, Adrian Fulga wrote:
>> The moment you give the file open password to anyone, all excryption
>>and security gets flushed down the toilet
>
> Right there is the crux of the matter! If you give out the
>password(s), then NO ENCRYPTION/DRM solution is secure.
>
> HOWEVER, if you apply an "owner" password to a PDF file and
>do NOT give that password out - then ElcomSoft's tool can NOT remove
>the DRM.
>
>
>Leonard
>--
>--------------------------------------------------------------------------
>Leonard Rosenthol <mailto:leon...@appligent.com>
>Director of Software Development (215) 922-3509 (voice)
>Appligent, Inc. (aka Digital Applications) (610) 284-4233 (fax)
>
>PGP Fingerprint: 8CC9 8878 921E C627 0BC1 15BB FC19 64A9 0016 1397
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Leonard Rosenthol
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
At 12:56 AM +0200 7/15/01, Adrian Fulga wrote:
>Hello Leonard,
>
>Are you kidding?
NO...
>What good to protect a PDF and to not give the user the password to open it.
The password to open is called the USER password, while the
one that controls the security is the OWNER password. I am
suggesting the giving out the OWNER password is a bad idea...
>Now I have CONFIRMATION that ElcomSoft's program CAN CRACK ANY PDF.
>
Did you use an owner password? Acrobat 4 or 5?
Leonard
--
--------------------------------------------------------------------------
Leonard Rosenthol <mailto:leon...@appligent.com>
Director of Software Development (215) 922-3509 (voice)
Appligent, Inc. (aka Digital Applications) (610) 284-4233 (fax)
PGP Fingerprint: 8CC9 8878 921E C627 0BC1 15BB FC19 64A9 0016 1397
E-Business Communication Association -
Paul
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Its worth remembering that Acrobat has never been that secure because you
have always been able to distill a file to remove security unless the print
was disabled. Which in many cases makes a pdf worthless. With regard to
Elcomsoft though can it remove security without having any of the passwords
or do people need to get access first ?
Paul Dennis
Complete Picture UK Ltd
101 Coppergate House
16 Brune St
London E1 7NJ
Tel 020 7721 7766
www.completepicture.co.uk
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Paul,
This is PRECISELY my point - you MUST disclose at least one password.
It is useless to send to a customer a protected PDF (both
user+master, i.e. open + change security) if you don't give him the
user's password (only to open the PDF)
It is also OBVIOUS that printing and all other options are denied
(protected by master/"change" password), otherwise, as you said, he
would be able to re-distill the printjob.
NOW I am in the position to CONFIRM that
ElcomSoft's "Advanced PDF Password Recovery" (apdfpr.exe)
REMOVES ALL PROTECTIONS FROM A PDF FILE !!!
We tried this morning:
1. With Acrobat405 we protected a PDF ("protfile.pdf") as usual with
different master "Ab12Xy34"/user "Mn56Pq78" passwords, (user's can
only OPEN the PDF)
and with all 4 "standard security" options (print, changing,
selecting, notes) enabled
2. We installed and launched apdfpr.exe
3. Double-clicking "protfile.pdf" we were asked for at least one password
and we gave the user one "Mn56Pq78" supposed to allow only OPENING the PDF
4. In less than 3 seconds Elcom's apdfpr asked the new name to save
the file WITHOUT ANY PROTECTION
5. We save the file as "unprot.pdf" and voila: ALL PROTECTIONS HAVE
BEEN REMOVED !!!
the new "unprot.pdf" CAN be printed, changed, select text and make
notes and of course, saved with new master/user passwords !!!
Once AGAIN: without giving a customer the password to only OPEN a PDF
that "protected" PDF would be useless, and if you give only that
password, a malicious user can UNPROTECT completely the PDF.
This makes ANY "security" feature of PDF useless......
Congratulations, Adobe for this "backhole" in your PDF-protection !!!
Best,
Adrian
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Mark Gavin
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
>
>Once AGAIN: without giving a customer the password to only OPEN a
>PDF that "protected" PDF would be useless, and if you give only that
>password, a malicious user can UNPROTECT completely the PDF.
>
>This makes ANY "security" feature of PDF useless......
Adrian,
Such a broad statement is incorrect. ElcomSoft's PDF Password
Recovery application only defeats PDF security methods which are
based on the Standard Acrobat Security Handler Mechanism. Granted,
this accounts for the majority of commercially available security
methods in use today; but, not all of them. For example; Authentica
does not use the Adobe Standard Acrobat Security Handler Mechanism in
their PageRecall product and thus PageRecall can not be broken using
the ElcomSoft application.
Regards,
--
Mark Gavin
Chief Technology Officer
Appligent, Inc. (formerly Digital Applications, Inc.)
60 South Lansdowne Avenue
Lansdowne, PA 19050
(610) 284-4006
http://www.appligent.com
Max Wyss
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Adrian,
the crucial point is actually that you MUST disclose at least one password.
Now, it is definitely a viable assumption that you provide the
opening password to a legitimate user. Of course, it is not
necessarily correct that someone having the USER password is also a
legitimate user. It is therefore still important that you are careful
with handing out the password. This would, for example mean that you
preferrably distribute documents using an user-related PPK solution
(as it is now in Acrobat 5 with the self-sign security system). In
this case, you make sure that only legitimate users can open the
document.
OK, assumed you are a legitimate user of the document. If you use
some "password recovery software", you may very easily violate the
rights you are granted by receiving the document and the password.
So, it is not even relevant if how good the security of the document
was, did an illegal action to breach this security.
There are countries where it is illegal to make and sell the tools to
breach the security. There are, however, way more countries where it
is essentially illegal to _use_ these tools (sometimes even if you
would have the rights to do so).
Now, one thing you might test, is if it is possible for that software
to remove the protection if you do _not_ have the USER password.
You may also test if it is possible for that software to remove the
protection from a digitally signed document, without leaving any
traces.
Another thing to keep in mind is that any document protection can be
cracked when a document is displayed, because in order to display it,
it will have to be decoded. The, as far as I can see, only kind of
secure way to distribute documents for viewing purposes would be with
a self-containing hardware-based solution, where the document is part
of the viewing device, and the viewing device has no connection to
the outside world.
Therefore, that sarcasm at the end of the message is a bit out of place.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 1 700 20 37
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
Leonard Rosenthol
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
At 11:28 AM +0200 7/16/01, Adrian Fulga wrote:
>This is PRECISELY my point - you MUST disclose at least one password.
Only if you use a user password. You can supply an owner
password w/o a user password...
>NOW I am in the position to CONFIRM that
>ElcomSoft's "Advanced PDF Password Recovery" (apdfpr.exe)
>REMOVES ALL PROTECTIONS FROM A PDF FILE !!!
Only on Acrobat 4 and not always w/o damaging the PDF.
I did some tests of my own yesterday and found that in many
cases, although the file gets the protection removed, it damages the
internals of PDF. In one case, it completely wiped out all of the
actual content of the document leaving me with blank pages!!!
Leonard
--
--------------------------------------------------------------------------
RADCO IN
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> Adrian,
> Such a broad statement is incorrect. ElcomSoft's PDF Password
> Recovery application only defeats PDF security methods which are
> based on the Standard Acrobat Security Handler Mechanism. Granted,
> this accounts for the majority of commercially available security
> methods in use today; but, not all of them. For example; Authentica
Try 99%+ for all Acrobat PDF files.
I feel Adrian's broad statement WAS correct. (In honesty, I never even heard
of the program you referred to.)
Anyway, Adobe SCREWED UP big time by allowing a backdoor in Acrobat, and
this is really dangerous. (Something I would have expected from Microsoft.)
Approvals we have completed can now be later modified WITH OUR STATE OF
FEDERAL APPROVAL STILL ON THEM.
RADCO IN
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> Only if you use a user password. You can supply an owner
> password w/o a user password...
I'm slightly confused about this. We do not use a password to open the PDF,
but we do use a password to keep anyone else from modifying it. They can
print it, but not make modifications. Does this program unlock any PDF if
the PDF can be opened with a password if locked and opened without any
password? IE, once the PDF is open, the program will unprotect the PDF and
can be modified?
(I'm getting madder and madder by the minute as I read these messages.)
Mathieu Genois
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
RADCO IN!
Simple. This program will allow you to open any pdf document, to modify the
document, etc... even if there are plenty of Adobe Password
(USER/OWNER/...). Just go get it and try it... nice app that create us
plenty of problem... but i was sure that it was only question of time before
this crack went out...
cya!
----- Original Message -----
From: "RADCO IN" <rad...@bnin.net>
To: <p...@lists.pdfzone.com>
Sent: Monday, July 16, 2001 8:28 AM
Subject: Re: [PDF] PDF's protection cracked by ElcomSoft's AEBPR ?
>
> The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
> __________________________________________________________________
>
> > Only if you use a user password. You can supply an owner
> > password w/o a user password...
>
> I'm slightly confused about this. We do not use a password to open the
PDF,
> but we do use a password to keep anyone else from modifying it. They can
> print it, but not make modifications. Does this program unlock any PDF if
> the PDF can be opened with a password if locked and opened without any
> password? IE, once the PDF is open, the program will unprotect the PDF and
> can be modified?
>
> (I'm getting madder and madder by the minute as I read these messages.)
>
>
Mike Cocchiola
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Can anybody point me in the right direction here...
I have a VB program that creates FDF files for various PDF formats. Using
the reader I can open an FDF and its associated PDF and automatically print
it out to a printer without user intervention. I would like to combine all
of these single page PDF's that are generated into a single multi-page PDF
that I can then print out. Note: I'm pretty sure I will not be able to do
this with Acrobat Reader alone. Can I do this using Acrobat 5.0? Do I need
the SDK? Is there a 3rd party piece of software that will help me.
Thanks
Mike Cocchiola
Mike Cocchiola
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Thanks. Looking in Acrobat I see how I can do this through the menus, what I
need to know now is how I can do this without any user intervention. I
basically want the VB program that the user is running to do all of the
merging and printing without the user having to select any menu options.
Thanks
Mike
-----Original Message-----
From: owne...@lists.pdfzone.com [mailto:owne...@lists.pdfzone.com]On
Behalf Of Mathieu Genois
Sent: Monday, July 16, 2001 11:30 AM
To: p...@lists.pdfzone.com
Subject: Re: [PDF] Combining PDF's based on FDF's
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
with only Acrobat v5, you'll be able to do this. very easily, just check
some menu options....
----- Original Message -----
From: "Mike Cocchiola" <mcocc...@demandwave.com>
To: <p...@lists.pdfzone.com>
Leonard Rosenthol
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
At 01:20 PM 7/16/2001 -0400, Mike Cocchiola wrote:
>Thanks. Looking in Acrobat I see how I can do this through the menus, what I
>need to know now is how I can do this without any user intervention. I
>basically want the VB program that the user is running to do all of the
>merging and printing without the user having to select any menu options.
You'll need the full Acrobat, or a 3rd party toolkit/application,
in order to provide that. If you plan to use Acrobat, EACH PERSON who
would be using the tool must have their OWN PERSONAL copy of Acrobat.
Leonard
--------------------------------------------------------------------------------------------------------------------------
Leonard Rosenthol <mailto:leon...@appligent.com>
Director of Software Development (215) 922-3509 (voice)
Appligent, Inc. (formerly Digital Applications) (610) 284-4233 (fax)
PGP Fingerprint: 8CC9 8878 921E C627 0BC1 15BB FC19 64A9 0016 1397
Max Wyss
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Stewart,
what they actually do is more selling the machine to cut a copy of
your key. This per se is not illegal, but things will become illegal
if you actually cut a key and use it without the permission.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 1 700 20 37
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
>I know this is no help to the problem at hand but I'm curious; is
>ElcomSoft even allowed to do this? Wouldn't this be akin to me
>cutting master keys for all the homes in my subdivision and then
>selling them on the public market? I find this disturbing partially
>because I'm a big Acrobat fan but mostly because of the moral/logic
>issue this presents.
>I read ElcomSoft's info site and they do this for a number of
>different softwares under the pretense that they can help you if you
>loose your password. This sounds more like an excuse to legally
>break into other peoples property and then sell the means to anyone
>that wants it. If I loose or forget my password, that's my problem.
>It shouldn't be a "problem" that can be solved by any number of
>total strangers from all over the globe.
Roberto Perelman
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
With Acrobat 5.0 you can do this in an automatic way using batch.
Dean Laffan
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
on 16/7/01 8:15 PM, Max Wyss at m...@prodok.com wrote:
> Now, it is definitely a viable assumption that you provide the
> opening password to a legitimate user. Of course, it is not
> necessarily correct that someone having the USER password is also a
> legitimate user.
Nearly very collection of, or single PDF I create, goes out with NO open
password, only protected for disabling etc. If I keep Printing disabled, I'm
still in the same boat as prior to to ElcomSoft ? ... correct ?
regards
***
dean laffan
real world productions
melbourne, australia
ph +613-9419-3966
Mobile - 0418-525-315
It said on the box: 'Requires Windows 95 or better' ... so I bought a Mac !
Aandi Inston
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
The plot thickens: "FBI Reportedly Detains ElcomSoft Employee in U.S."
http://www.planetebook.com/mainpage.asp?webpageid=165
Aandi
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Leonard,
At 06:54 -0400 16.07.2001, Leonard Rosenthol wrote:
>The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
>__________________________________________________________________
>
>At 11:28 AM +0200 7/16/01, Adrian Fulga wrote:
>>This is PRECISELY my point - you MUST disclose at least one password.
>
> Only if you use a user password. You can supply an owner
>password w/o a user password...
>
What for ?
I am missing your point here.
Owner password leaves ALL doors open!
At that point you simply DON'T apply ANY protection
Best,
Adrian
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Aandi Inston
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> My point is that ADOBE's Acrobat HAS this backdoor!
Ok, ok, you made your point. Could I suggest it would be
better to collect your thoughts and post fewer messages.
With 10 from one person I assumed that the list mailer
must have broken.
Aandi
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Mathieu,
At 10:58 -0400 16.07.2001, Mathieu Genois wrote:
>..........
>
>cya!
Agreed, and more than that:
cya! cya!
Best,
Adrian
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Dean,
At 08:02 +1000 17.07.2001, Dean Laffan wrote:
>......
>Nearly very collection of, or single PDF I create, goes out with NO open
>password, only protected for disabling etc. If I keep Printing disabled, I'm
>still in the same boat as prior to to ElcomSoft ? ... correct ?
Good question, tried it just now:
1. Made PDF with Owner password, without user/OPEN password and all
protections enabled
Answer is ...... YES!
Owner password AND all protections ARE removed (less than 1 sec)
Best,
Adrian
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello RADCO IN,
At 13:02 -0400 16.07.2001, RADCO IN wrote:
>.........
>
>Yea, guess I better try it. Does anyone have the URL for the website?
Try one of:
http://www.elcomsoft.com/APDFPR/apdfprp.zip
http://ww.elcomsoft.com/dl/apdfpr.zip
http://www.golubev.com/elcomsoft/apdfprp.zip
free 30 days than $30.00
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Mark,
My point is that ADOBE's ACROBAT has this backdoor!
As major part of end users around the world I trusted Adobe's
"safety" statements
giving owner/user passwords and disabling printing to avoid redistillation.
Somebody screwed us all .... guess WHO?
Best,
Adrian
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Adrian Fulga
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
Hello Mark,
My point is that ADOBE's Acrobat HAS this backdoor!
As major part of end users around the world I trusted Adobe's
"safety" statements
giving owner/user passwords and disabling printing to avoid redistillation.
Now I realize that we "played" with passwords for years.....
Somebody screwed us all .... guess WHO?
Best,
Adrian
--
CH-6854 Lugano-Stabio, Switzerland
E-Business Communication Association -
Leonard Rosenthol
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
At 12:59 PM +0200 7/17/01, Adrian Fulga wrote:
>At 06:54 -0400 16.07.2001, Leonard Rosenthol wrote:
>>At 11:28 AM +0200 7/16/01, Adrian Fulga wrote:
>>>This is PRECISELY my point - you MUST disclose at least one password.
>>
>> Only if you use a user password. You can supply an owner
>>password w/o a user password...
>>
>What for ?
>I am missing your point here.
>Owner password leaves ALL doors open!
No it doesn't, it closes them all.
Also, when you use only an Owner password with Acrobat 5
security, The AEBPR can't break it (though it can with Acrobat 4
security).
Leonard
--
--------------------------------------------------------------------------
Leonard Rosenthol <mailto:leon...@appligent.com>
Director of Software Development (215) 922-3509 (voice)
Appligent, Inc. (aka Digital Applications) (610) 284-4233 (fax)
PGP Fingerprint: 8CC9 8878 921E C627 0BC1 15BB FC19 64A9 0016 1397
E-Business Communication Association -
La Oficina Sin Papel
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
>
>Now, one thing you might test, is if it is possible for that
>software to remove the protection if you do _not_ have the USER
>password.
-------------
>As I wrote previously, we have and tried only
>ElcomSoft's "Advanced PDF Password Recovery" (apdfpr.exe)
>This NEEDS at least one password.
False.
I've tried with a pdf from one of my employees with his bank account
keys.(he did not believe what I was telling him... so he brought the PDF) No
password was needed to open it. Not only that, but the program told us, in 3
seconds, WHICH WAS THE PASSWORD NEEDED TO OPEN THE DOC. The USER pasword.
This thing has damaged us all. I've spent LOTS of time (probably not as many
as you , Max) programming code in Javascript to build complete JS based
applications for some customers. The only protection I had was the protected
JavaScript code. Now, they can learn pretty easy how to code themselves the
needed funtions, with my code. For free.
I've been asked several times.."How do you do this....". Any of you has
heard this question?
It's a disaster. Complete. What happens now to the clients I assured their
docs were safe?
Anyway, I personally prefer it to be this way than having a "suspect" about
if this can or can't be done.
Adobe failed deeply in this one.
Too bad. Now, we have to start all over again.
Ok. Let's do it.
Carlos
******************************************
Carlos Gonzalez Marti
Director General
La Oficina Sin Papel S.L.
Cristóbal Bordiú, 63
28003 Madrid (Spain)
T: +34 915 344 348 F: +34 915 531 508
e-mail: car...@laoficinasinpapel.com
www.laoficinasinpapel.com
******************************************
RADCO IN
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
> Also, when you use only an Owner password with Acrobat 5
> security, The AEBPR can't break it (though it can with Acrobat 4
> security).
The program unlocks open both regular 40 bit & the new (5.0) 128 bit PDF's
when protected with a master (not owner) password.
I haven't been able to get it to unlock any PDF (saved in 4.05) when just
the "open" password was set. It reports that both are set and needs the open
password to crack the security. The password was set from the shift+ctrl+S
option.
However with just the password set to disallow editing, etc. it opens it
without problems (vs. 4.05 or 5.0; 40 bit or new 128 bit.)
Max Wyss
The PDF list is a service provided by PDFzone.com | http://www.pdfzone.com
__________________________________________________________________
It is getting boring, but that is just the way that Elcomsoft product
works. It DOES NOT CRACK A PASSWORD. It gets at the document after it
has been decrypted for display. In such a case, it does not matter
how highly encrypted the document is.
Protecting against this scheme is possible by preventing any other
application (or plug-in) to get at the complete document ... as it
has been mentioned by Sanford Bingham of FileOpen.
Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland
Fax: +41 1 700 20 37
e-mail: mailto:m...@prodok.com
http://www.prodok.com
[ Building Bridges for Information ]
______________________
