PDFdev is a service provided by PDFzone.com | http://www.pdfzone.com _____________________________________________________________
A: Removing the owner password just means you can't ever have full access to that PDF again. B: Yeah. It wouldn't be that hard to remove the owner password. The user password is used to encrypt the file. The owner password is, technically speaking, useless. Owner passwords only matter in pdf viewers that follows Adobe's security rules. And it's entirely possible that some don't. C: Removing the user password (without knowing it) would involve trying all the possible valid passwords (40 bits, 1,099,511,627,776 possible combinations). These days, that's not quite as impressive as it sounds. There's a reason US export law treats 1 ghz machines as munitions (I'm not saying it's a GOOD reason, but there is a thought process there). Acrobat also supports 128 bit encryption. Forget cracking that any time soon... 1 trillion cubed (give or take): a little less than 340,000,000,000,000,000,000,000,000,000,000,000,000 possible combinations. I don't even know the word for that one. trillion, quadrillion, 5-illion (?), sextillion, septillion, octillion?, novillion?, then what? Today's most powerful computers could chew on that one for a Long Time. So stripping the owner password isn't a big deal. Stripping the user password requires some heavy duty number crunching for 40-bit security, and a major technological/mathematical advance for the new 128-bit stuff. Lets guess that it takes 5000 instructions to try a possible password (and that 5000 number is a guess, could be wrong in either direction). To crack a 40-bit password, a 1 ghz machine would take an average of... about 26 days? Something like that... Key cracking is something that can easily run in parrallel on multiple machines, but it's still not a small undertaking. Conclusion: I wouldn't worry to much about someone coming along and stripping the security from your password-protected PDFs. If you're feeling paranoid, stick to the newer 128-bit stuff. --Mark Storer Software Engineer Cardiff Software #include <disclaimer> typdef std::disclaimer<Cardiff> Discard; > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of J. Kulicki > Sent: Monday, February 02, 2004 2:35 AM > To: [EMAIL PROTECTED] > Subject: [PDFdev] PDF decryption > > > > PDFdev is a service provided by PDFzone.com | http://www.pdfzone.com > _____________________________________________________________ > > I've seen some offers of applications removing passwords from > PDF files. > From their descriptions I deduce that it is impossible to > remove "user" > password without the key, whereas removing "owner" password > is performed > instantly - probably without knowledge of the key. Why? How? > > Jacek Kulicki > > > > To change your subscription: > http://www.pdfzone.com/discussions/lists-pdfdev.html > To change your subscription: http://www.pdfzone.com/discussions/lists-pdfdev.html
