These forums are now Read Only. If you have an Acrobat question, ask questions and get help from one of our experts.

Does Acrobat 9 have improved security for preventing changes/printing?

Forum Index > Security > Does Acrobat 9 have improved security for preventing changes/printing?
2008-08-29 21:41:01
mschmidt
Registered: Aug 29 2008
Posts: 3

In version 8 and earlier, AES security seemed to apply only to the Password-to-open. When a password was required in order to disallow changes or printing however, and when there was no passsword to open, the change/printing password was much less secure. I've tried out several of the readily available password-cracking programs on Acrobat 8 documents (so-called "Password Recovery" programs) and they had no problem removing the permission to change password.

My company sells books and other publications in PDF format Each copy is registered to the individual purchaser, and a registration number and user name are written on the title page of each PDF file. This seems to us as the least annoying form of digital rights management (passwords to open the file, or having to be online in order to read are measures we don't want to impose on customers). However, anyone with about $30 for a password cracking utility can easily restore change/print privalegs. Is Acrobat 9 any more secure in this regard?

My Product Information:
Acrobat Pro 9.0, Windows
Top
2008-09-03 06:30:45
#1
lkassuba
ExpertTeam
Registered: Jun 28 2007
Posts: 3636
Password security applies to protecting document permission settings as well as opening the document. In version 9, the AES 256-bit encryption algorithm can be used for password security. If AES 256-bit encryption is used, then the password may use Unicode as well.

If you're looking for more secure methods, you might want to investigate certificate security. You can find more information on security methods and what's new in Acrobat 9 in the [url=http://www.adobe.com/devnet/acrobat/pdfs/acrobat_security_admin_90.pdf]Acrobat 9 Security Administration Guide[/url].

Lori Kassuba is an AUC Expert and Community Manager for AcrobatUsers.com.

Top
2008-09-25 21:38:30
#2
sinc
Registered: Jun 3 2008
Posts: 19
It seems to me that using a longer password would defeat any password cracking software.

How about a 30-character password?

Joseph T. Sinclair
Publisher
RealEstateInvestmentCenter.com

Top
2008-09-26 11:21:35
#3
sinc
Registered: Jun 3 2008
Posts: 19
My prior post was a question, not a statement.

It's my understanding that a random 8-character password (mixed letters and numbers) is not crackable without a huge amount of processing power far beyond a normal person's resources. Isn't that right?

In Acrobat, you are not limited to 8 characters. I don't know what the limit is, but it's probably a few dozen characters.

Therefore, if you use just 10 characters (random), you can be sure no one can crack your password. Isn't that right?

If you use 20 or 30 characters (random), it would be impossible for anyone (even the military) to crack your password. Isn't that right?

Thanks for an answer.

Joseph T. Sinclair
Publisher
RealEstateInvestmentCenter.com

Top
2008-10-03 05:42:16
#4
lkassuba
ExpertTeam
Registered: Jun 28 2007
Posts: 3636
The password length has no bearing on the length of the encryption key or type of encryption used in Acrobat. However, the length of the password could make it harder to brute force the password, but much of this depends on how the password was generated, what set of characters were used, etc.

Lori Kassuba is an AUC Expert and Community Manager for AcrobatUsers.com.

Top
2008-10-11 11:27:55
#5
plevy
Expert
Registered: Jul 8 2008
Posts: 80
Acrobat 9 security should be much stronger. When you set it, you need to specify compatibility with "Acrobat 9 and later".
Top
2008-11-05 15:51:39
#6
lounsbury1485
Registered: Nov 5 2008
Posts: 1
Is there any way to disable the Save As function? We are using document security to disable printing and copying, but I see no way to prevent a user from saving the PDF document to their local machine. We want to put out training documents on the web and allow our users to read these documents, but not copy, print, save or save as. We don't want to password protect them, as that still wouldn't prevent them from saving a copy of the document.

Thanks,

Linda (New user to this forum)
Top
2008-11-05 22:44:36
#7
soill
Registered: Nov 2 2008
Posts: 5
In Acrobat 9 security you can set password for signed or stamped document ?
Top
2008-12-02 04:39:45
#8
kravietz
Registered: Mar 18 2008
Posts: 3
Actually in Acrobat 9 the password security measured as time to brute-force the password seems to be weaker comparing to Acrobat 8 by a factor o 100.

This is because the encryption key preparation algorithm performs only one SHA-256 hashing (Acrobat 9) instead of 50 MD5 hashes (Acrobat 8). On the other hand the algorithm in 9 was significantly improved against other attacks e.g. "rainbow tables".

So I would suggest using either 9, but with a really long password (in 9 maximum is 127 characters) and consisting of alphanumeric characters AND symbols.

I would recommend using software like PWGen for generating passwords like that:

http://sourceforge.net/projects/pwgen-win/
Top