The Mac Security Blog

Security & Privacy + Software & Apps

Adobe Acrobat 9 Offers Weaker Password Protection than Acrobat 8

Posted on by

Reports saying that Adobe Acrobat 9 has weaker password protection than the previous version of Acrobat have been confirmed, sort of, by Adobe. Initial reports from a Russian company, Elcomsoft, who makes software that cracks Acrobat passwords (which shows that, already, they weren’t that secure…) has found that Acrobat 9 is easier to crack. The Macworld article linked above says that, “the change in the underlying algorithm for Acrobat 9 makes cracking a weak password – especially a short one with only upper and lower case letters – up to 100 times faster than in Acrobat 8.”

Adobe, for their part, uses many words to defend the change:

Additional security measures were added to the 256-bit AES implementation of password security in PDF, and Adobe Acrobat and Adobe Reader 9 both support these measures.  Specifically, Acrobat 8 used pass-phrases of up to 32 Roman characters in length for 128-bit AES encryption. Acrobat 9 now supports pass-phrases of 127 Roman characters in length for 256-bit AES encryption and added support for unicode characters. In the permutation with repetitions formula used to calculate how many unique pass-phrases are possible, XY, Adobe has increased both X and Y in Acrobat 9. Pass-phrases can now be up to 4 times as long and support a greater number of international characters and symbols to be entered by keyboards around the world, which can greatly increase document protection when used properly.

What this all means is that it can be easier to crack an Acrobat password, if the password is short and uses only upper- and lower-case letters. Adobe gives a good suggestion on choosing a password: “Need help picking a long pass-phrase? Pick a line or two from your favorite song or poem and add numbers or symbols if they aren’t already there.” However, most people don’t follow such advice, and use the name of their child, dog or college.

Bottom line? If you password-protect Adobe Acrobat documents and expect them to remain secret, think of a really good password, with a mix of letters, numbers and other characters. But don’t forget that the Russians are going to find a way to crack it, eventually.

Comments are closed.