Planet PDF: the home of the PDF community
PDF Store: where the PDF community shops
Planet PDF: the home of the PDF community

shop for PDF software online

Archive 		Planet PDF ForumPlanet PDF Web Expo
Find Software and ServicesPDF EventsNewslettersFreeAboutSite MapOur Sponsors

Planet PDF Forum Archive

Planet PDF ForumThe page you are viewing is part of our 160,000 page discussion forum archive. See below for PDF-related discussions spanning 1999-2008. To ask questions and get help, head to the live Planet PDF Forum.


How to search this archive. The quickest way is to use the filters on our Advanced Search page so that only archive pages are included in the results.


Previous | Next | (P-PDF) Acrobat 6.0

Topic: Re: Effective security in Acrobat 6
Conf: (P-PDF) Acrobat 6.0, Msg: 110671
From: vkatalov
Date: 4/30/2004 06:42 PM

>The Elcomsoft approach is
>essentially to modify an
>already open document. In order
>to display a document, you will
>at one time have to open, and to
>expose its contents. This means that this
>point is the place where anything can be
>attacked (if that term is
>appropriate).

Sorry, this is not correct. The approach you described has been used only in our "Advanced eBook Processor" product (which is not available anymore -- after our DMCA case), and only for files encrypted using 3rd party plug-ins. I think this is a major fail in Adobe security model: if someone can open (view) PDF file, even very resticted, then it can create a completely unprotected copy. Simply because the whole PDF file is encrypted using single RC4 key (which should be known to viewer such as Adobe Reader) -- it is being returned by security plug-in.

Our current software (Advanced PDF Password Recovery) does not require the PDF file to be opened -- it obtains the key directly from PDF file. This is applicable to documents protected with "owner" password only, of course.

>If the document has an opening
>password, the Elcomsoft
>software does
>rely on the user to provide
>that password. Otherwise, it
>has to use the brute-force approach,
>which takes more than exponentially
>more time the longer the opening
>password is. And if you add some extra
>characters, even the dictionary search
>approach (which is a considerable
>speedup) will fail.

If 40-bit protection has been used, it is possible (also with our software, as well as a few other programs) to decrypt the file, so removing the "open" password, by trying all possible keys. It takes only a few days on good desktop PC.

>It gets even more extreme with
>a document which uses digital
>signatures/certificates for
>protection. Without the
>private key, whose
>public key has been used to
>encrypt the document, such
>documents can not be opened.
>Period.

Correction: digital signatures could not be used for protection. Period ;) One can add them only to ensure the "authority" of the documents, and also to detect changes in the file. Only certificates (public/private key pairs) really protect.

>However, once the document is
>opened for
>viewing, you do have access to
>it.

Absolutely correct.

>This also applies for any kind
>of third-party securing
>software.

Correct as well ;)

> I know
>of solutions which actually
>verify first if any known
>"protection
>removing" software is
>installed on the user's
>machine, and, if so, they
>simply refuse to work.

The only PDF protection that does that I know of is FileOpen plug-in. However, FileOpen protection (including one implemented in expensive and "very secure" WebPublisher) can be removed either instantly or in a matter of a few hours -- without Adobe Reader, FileOpen plug-in itself or whatever. I'd call it "snake-oil" (see Bruce Schneier's definition of the term) because of multible vulnerabilities. Their main protection is DMCA ;)

--
Sincerely yours,
Vladimir

Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkatalov@elcomsoft.com
http://www.elcomsoft.com (Corporate site)
http://www.crackpassword.com (Password Recovery Software)
PDF In-Depth Free Product Trials Ubiquitous PDF

Pitstop Pro

Now graphic arts professionals have even broader and more expert control over their PDF documents. With...

Download free demo

ARTS PDF Aerialist

The ultimate plug-in for Adobe Acrobat and #1 selling product at PDF Store. Advanced splitting, merging,...

Download free demo

Ubiquitous PDF: 2009 IRS income tax forms available for download

With less than a month to go until Americans will be scrambling to file their 2009 tax paperwork. Luckily, printable PDF versions of forms such as the 1040 can be downloaded for free from the IRS website.

March 18, 2010
Search Planet PDF
more searching options...







Download PDF Creator

PDF Resources
Platinum Sponsor
Create & Edit PDF - Nitro PDF Software

ARTS PDF
Silver Sponsors

PDF-Tools QuickPDF: The Unrivaled PDF Developer Toolkit

Get Nitro PDF Professional

Download Nitro PDF Professional
Featured Product

NITRO PDF Professional

Built from the ground up, the perfect desktop PDF product for business and enterprise. Nitro PDF Professional has an uncompromising feature set so you can create, combine, edit, collaborate on and...

Featured Event

No upcoming events
PDF Store Categories

Advertise | Submit news | Newsletters | About | Contact | Site Map | Forum Archive
  Planet PDF RSS Feeds | Buy PDF Software | Find PDF Software | Free PDF eBooks

To connect with us: Read Nitro's PDF Blog, follow nitro pdf on Twitter, or join the Nitro PDF LinkedIn group. Planet PDF, PDF Store, Nitro PDF Software and ARTS PDF are all copyright © 2009 Nitro PDF, Inc. and Nitro PDF Pty Ltd. All Rights Reserved. Privacy

 Planet PDF