Planet PDF: the home of the PDF community
Planet PDF: the home of the PDF community
Quick PDF Library

Archive 		Planet PDF Forum
Find Software and ServicesPDF EventsNewslettersFreeAboutSite MapOur Sponsors

Planet PDF Forum Archive

Planet PDF ForumThe page you are viewing is part of our 160,000 page PDF discussion forum archive spanning 1999-2008. Would you believe we have a 2nd forum archive which covers 2008 - 2011? But... if you really want to bust-a-move head to the LIVE Planet PDF Forum. It features more than 10 conferences, covering everything from beginner discussions to in-depth developer and pre-press discussions.


How to search this archive. The quickest way is to use the filters on our Advanced Search page so that only archive pages are included in the results.


Previous | Next | (P-PDF) Acrobat 6.0

Topic: Re: Effective security in Acrobat 6
Conf: (P-PDF) Acrobat 6.0, Msg: 110671
From: vkatalov
Date: 4/30/2004 06:42 PM

>The Elcomsoft approach is
>essentially to modify an
>already open document. In order
>to display a document, you will
>at one time have to open, and to
>expose its contents. This means that this
>point is the place where anything can be
>attacked (if that term is
>appropriate).

Sorry, this is not correct. The approach you described has been used only in our "Advanced eBook Processor" product (which is not available anymore -- after our DMCA case), and only for files encrypted using 3rd party plug-ins. I think this is a major fail in Adobe security model: if someone can open (view) PDF file, even very resticted, then it can create a completely unprotected copy. Simply because the whole PDF file is encrypted using single RC4 key (which should be known to viewer such as Adobe Reader) -- it is being returned by security plug-in.

Our current software (Advanced PDF Password Recovery) does not require the PDF file to be opened -- it obtains the key directly from PDF file. This is applicable to documents protected with "owner" password only, of course.

>If the document has an opening
>password, the Elcomsoft
>software does
>rely on the user to provide
>that password. Otherwise, it
>has to use the brute-force approach,
>which takes more than exponentially
>more time the longer the opening
>password is. And if you add some extra
>characters, even the dictionary search
>approach (which is a considerable
>speedup) will fail.

If 40-bit protection has been used, it is possible (also with our software, as well as a few other programs) to decrypt the file, so removing the "open" password, by trying all possible keys. It takes only a few days on good desktop PC.

>It gets even more extreme with
>a document which uses digital
>signatures/certificates for
>protection. Without the
>private key, whose
>public key has been used to
>encrypt the document, such
>documents can not be opened.
>Period.

Correction: digital signatures could not be used for protection. Period ;) One can add them only to ensure the "authority" of the documents, and also to detect changes in the file. Only certificates (public/private key pairs) really protect.

>However, once the document is
>opened for
>viewing, you do have access to
>it.

Absolutely correct.

>This also applies for any kind
>of third-party securing
>software.

Correct as well ;)

> I know
>of solutions which actually
>verify first if any known
>"protection
>removing" software is
>installed on the user's
>machine, and, if so, they
>simply refuse to work.

The only PDF protection that does that I know of is FileOpen plug-in. However, FileOpen protection (including one implemented in expensive and "very secure" WebPublisher) can be removed either instantly or in a matter of a few hours -- without Adobe Reader, FileOpen plug-in itself or whatever. I'd call it "snake-oil" (see Bruce Schneier's definition of the term) because of multible vulnerabilities. Their main protection is DMCA ;)

--
Sincerely yours,
Vladimir

Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkatalov@elcomsoft.com
http://www.elcomsoft.com (Corporate site)
http://www.crackpassword.com (Password Recovery Software)
PDF In-Depth Free Product Trials Ubiquitous PDF

LockLizard Safeguard PDF Security

Made specifically for publishers of high value information published in PDF format, it protects your PDF...

Download free demo

ARTS PDF Aerialist X

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link...

Download free demo

Ubiquitous PDF: DIY PDF magazines, courtesy of CNET and Magazinify

Thanks to Magazinify.com, it's possible to have web articles delivered right to your inbox in PDF form. If that weren't enough, the nice folks at CNET have been nice enough to publish a step-by-step guide about how to set this all up using just a little time and a free Magazinify account.

September 06, 2011
Search Planet PDF
more searching options...
PDF Resources
Platinum Sponsor

ARTS PDF

Create & Edit PDF - Nitro PDF Software
Silver Sponsors

LockLizard DRM PDF Security Quick PDF Library: The Unrivaled PDF Developer Toolkit

Featured Product

ARTS PDF Crackerjack X

The most popular Acrobat plug-in for PDF-based color print production and automation.
Featured Event

Adobe Digital Marketing Summit

March 20-23, 2012 -- Salt Palace Convention Center, Salt Lake City, Utah

The Digital Marketing Summit is the premier event for digital marketers and advertisers to learn about and share key strategies for driving marketing innovation. Attend Summit to learn how you can create, measure, and optimize digital experiences to revolutionize how the world engages with ideas and information.

PDF Store Categories

Advertise | Submit news | Newsletters | About | Contact | Site Map | Forum Archive
  Planet PDF RSS Feeds | Find PDF Software | Free PDF eBooks

To connect with us, read Debenu's Blog, follow debenu on Twitter, or join the Debenu LinkedIn group. Planet PDF, PDF Store, Debenu and ARTS PDF are all © 2010 Debenu Pty Ltd (and formerly owned by Nitro PDF Software. All Rights Reserved. Privacy

 Planet PDF