PDF In-Depth

The Keys to Your Cottage: an overview of PDF document security

Direct and indirect attacks



The Repetitive Rock Search -- Brute-force attacks

Continuing this analogy, a repetitive search of rocks near your cottage is referred to as a brute-force attack by security experts. Brute-force attacks are the simplest attacks against a security system, but they can still be very effective. The only difficulty for the intruder is the amount of time required to find the key. In the case of the cottage, the amount of time required to find the key is simply determined by the number of rocks located around the cottage. The more rocks you have around your cottage, the longer it's going to take someone to find your key. When security experts refer to key-lengths, they are in a sense, referring to the number of rocks someone would need to try before they stumble upon the key.

In terms of electronic encryption, key-lengths are described in bits. If the key-length is 40 bits, this means that there are 240 rocks around your cottage while 128 bits means that there are 2128 rocks. With each additional bit the number of rocks surrounding the cottage doubles. Therefore, a jump from 40 to 128 bits is an increase of 309,485,009,821,345,068,724,781,056 rocks.

Recently, security and marketing literature has started mentioning 256 bit keys. Since the average home computer a few years back was so fast that it was able to "look under" 1,099,511,627,776 (40 bit) rocks in approximately four days, security experts recommended that users move to 128 bit keys. With the increasing processor speeds of today's computers, experts are now discussing the option of upgrading to 256 bit keys. Essentially, as the potential thief becomes a quicker searcher of rocks, the more rocks are needed to prevent the thief from finding your key.

Hiding in the Bushes -- Debugging the Application

Hiding in the bushes and watching your friend remove the key is analogous to a method hackers use to find keys. Hackers use a software tool called a debugger to monitor how a program decodes a document. Debuggers were originally designed and used by software engineers to find errors in their programs. These debuggers work by "freezing" a computer and stepping through each instruction at the same time as the computer performs it, in order to detect software errors as they occur. This tool can also be used to step through other products and monitor how they execute. The use of a debugger is a more methodical approach and requires significant software expertise when compared to the brute-force attack but it has the potential to yield results much more quickly.

Microsoft's response to this kind of attack against their Windows product keys was the Genuine Advantage program, which verifies registration keys during software updates. It is designed to block users who have obtained keys using a debugger.

There are also legal forms of protection available, such as the Digital Millennium Rights Act (DMCA) that was passed by the US Congress on October 12th, 1998. This act has made reverse engineering of keys using this method illegal. While the legalities surrounding security of copyright content are important, this article is concerned with the use of mathematical techniques and barriers to prevent hacking, and therefore, the details of legal protection of digital privacy will not be discussed further.

PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Quick PDF Library

Get products to market faster with this amazing PDF developer SDK. Over 900 functions and an equally...

Download free demo

Five visions of a PDF Day

In the world of PDFs or as we like to say Planet (of) PDF, a year isn't a real PDF year without an intense few days of industry knowledge sharing.

May 15, 2018
Platinum Sponsor

Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.


Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.