Almost all password-protected PDF files are vulnerable to new software that can crack them in seconds, developer Elcomsoft announced today. The Russian firm earlier beat legal action prompted by PDF creator, Adobe, after releasing a program to defeat e-book encryption in 2001.
Weak 40-bit encryption, which is used in “most” PDF files, according to Elcomsoft, can usually be broken in a few minutes with the most advanced version of the new software, the company claimed in a press statement released in Moscow today.
Once cracked, the files can be opened, altered, copied or printed, regardless of restrictions placed on them by their creator.
The Advanced PDF Password Recovery program uses a combination of dictionary attacks, pre-calculated hash tables and brute-force attacks to break encryption on the popular document format. Although the basic software costs $49, only more expensive versions, costing from $100 up to $1000, offer all of these attack methods.
Even if the fast attack methods fail due to an unusually long and complex password, “on modern systems with Intel Core Duo CPUs, the document can be recovered in maximum 3 to 4 days, regardless of the password length and complexity,” Elcomsoft announced. However, it is unclear whether this claim applies to PDF files with the stronger 128-bit encryption, or only to 40-bit encrypted documents.
In 2001, following a complaint from Adobe, Dmitry Sklyarov, one of Elcomsoft's lead developers, was arrested as he visited the US for a security conference. Sklyarov was charged under the DMCA (Digital Millennium Copyright Act) over software that broke the encryption on Adobe's e-Book format. Following a public outcry, Adobe withdrew its complaint. Elcomsoft won a related court case in 2002.
Elcomsoft suggests the software can be used as a forensics tool by “law enforcement, military and intelligence agencies to open secure documents”, or by businesses, to recover lost passwords.
Adobe's Acrobat version 8 offers 40-bit and 128-bit encryption. The encryption level can be chosen by the user when a file is saved - it is usually set automatically if the user The stronger 128-bit coding only became available in version 5 of the software. However, the 128-bit setting appears to be the default for recent versions, even though this means they save files which are incompatible with older copies of Adobe Reader. Software companies often use such methods as a means of pushing users to upgrade to newer versions of a program.