13

I thought that if a PDF is password encrypted, it is at least provides some kind of safety. However I received today an encrypted PDF, and was told the password. When I opened the document with my local PDF reader, I was expected to enter the password.

However then I tried the following:

There is a website www.ilovepdf.com, which offers several online tools, among them a tool for unlocking a PDF. I uploaded the locked PDF to this site. The site showed it indeed as "locked", but when I pressed the "Unlock" button on this site, I got my PDF in clear text, without having to enter the password.

Basically everyone can, using this site, unlock a PDF without knowing the password. I wonder what security PDF password protection really offers.

Improve this question
11
  • 9
    that sounds like "locking" with password protection, but not encryption with password protection. (it was likely not encrypted) See this page for the differences ("Add Password to PDF" vs "Advanced Password Protection"): helpx.adobe.com/acrobat/using/securing-pdfs-passwords.html Commented Feb 11 at 18:02
  • 2
    The simple method doesn't encrypt anything... presumably to prevent users from losing data if they forget the password they set. Commented Feb 11 at 18:07
  • 4
    @browsermator I'm curious: What is the point of a password without encryption, if it can be removed with close to no effort? Commented Feb 12 at 9:48
  • 7
    I wonder why nobody has commented on a wisdom of uploading a pdf to an online service yet. Also, maybe the pdf author only paid a lip-service to a security and used e.g. a four digit pin, those are quick to enumerate. Commented Feb 12 at 11:34
  • 1
    @Klaus Nielsen, well it's really a "lock" feature which relies on the client to lock the contents. It's an example of why you never trust the client to secure anything. I didn't really check into this in depth, but I'd guess it's just a feature the client must support, and the password would be included in the file. Commented Feb 12 at 17:18

2 Answers 2

Reset to default
5
Potential Malware Notice / Security Disclaimer:

I cannot vouch for the safety of using the software provided by www.ilovepdf.com. As a general standard, never upload any documents with sensitive information to any site, not just this one. But specific to www.ilovepdf.com, there appears to be suspicion that their desktop application may contain malware. This report may or may not indicate any actual malware. But as with any software, use at your own risk.

Non-standard Encryptionless Password Protection

As @ja1024 pointed out, Adobe may offer some kind of non-standard encryptionless password protection. (That sounds like a really terrible idea to me though.. make it seem like it's safe, when it's totally not??)

Even still, there are a couple things to note here about the standard password-protected PDFs that are actually encrypted.

Use Strong Passwords

Before I go into the specification, please recognize that www.ilovepdf.com tries common passwords (might even use a rainbow table), and may also attempt to crack weak ciphers (e.g. RC4). If it can't figure it out, though, it will ask you to fill in the password.

You can test this yourself by encrypting any random PDF with a weak password, then a strong password, and trying www.ilovepdf.com.

Moral of the story: Use strong passwords!!

The Specification and Restricted PDFs

The PDF specification (ISO 32000-2, accessible here) covers encryption in chapter 7.6, and does clearly indicate that password protection requires encryption, and that encryption encrypts every string and stream in the PDF file, save for a few obvious exceptions (e.g., the strings dictating the type and configuration of the encryption used).

With that said, the encryption algorithm varies depending on PDF version and choice of encryption (The V key in the encryption dictionary, Ch. 7.6.2 Table 20). Most older PDF versions rely on RC4, which is known to be a weaker algorithm. Newer PDF versions, though, allow (and strongly encourage) using AES with either a 128 or 256 bit key.

But another thing I think some people are familiar with is view-only or restricted PDFs, i.e. a form of encrypted PDFs that prevent modifying, printing, etc. This comes from the fact that encrypted PDFs can have two passwords (Ch. 7.6.4.1):

  • A User password (optional)
  • An Owner password

Both passwords are used to encrypt a single key which is in turn used to encrypt/decrypt the PDF strings and streams. So, knowing either one of these passwords allows decrypting and reading the PDF. Encrypted files always have an owner password. But again, the user password is optional:

  • If the user password is set, the document cannot be opened or viewed without knowing one of the passwords. Again, the document is encrypted here. So, just opening it anyway is not an option.

  • But if the user password is not set, it is assigned to an empty value. When the PDF is opened, the reader tries a blank password first. If it succeeds, the PDF will open without asking for a password.

The purpose of the 'owner' password is to allow the creator of the PDF to apply various restrictions to it (Ch. 7.6.4.2 Table 22 lists the bit flags that control these permissions). If a user only knows the user password (or if it's blank), the editor they are using will normally apply these constraints. Whereas, someone opening it with the owner password will not be restricted. With that said, these constraints are solely at the discretion of the PDF viewer. While the specification indicates that all PDF viewers should conform, nothing would prevent a developer from deviating.

So, ultimately, these restrictions on encrypted PDFs are not impossible to bypass, as one would expect. And a tool like www.ilovepdf.com, given the password (or upon guessing it), will simply strip them out.

Improve this answer
23

There are multiple ways for protecting a PDF file.

You can use password-based encryption. Given a sufficiently strong algorithm like AES, it's not possible to simply remove password protection, because the file by itself is unreadable without the password. If you submit an encrypted file to the linked website, you'll be prompted for the password instead of getting a readable document (“Some files require password”).

At least Adobe tools also support password protection without encryption – though I haven't been able to find this feature in the PDF standard. In any case, the document content is available as plaintext, and any PDF editor can simply remove the restriction. This is what the website does.

Improve this answer
4
  • 22
    Note that the latter is also true for 'protection' against high-res printing or copying content - basically, the PDF contains a polite note asking the software to not to do that. Commented Feb 12 at 7:16
  • 11
    This is analogous to protecting the data on your computer with a login password versus using full-disk encryption. If you just use a login password, someone with physical access to the media can read it all. Commented Feb 12 at 16:30
  • 4
    @Barmar: I think it is more analogous to protecting your valuables by leaving the door to your house wide open but put up the sign that says "if you don't have the key, please don't come inside". Commented Feb 13 at 11:55
  • 1
    @JörgWMittag Even better: Snail mailing a document with "To be opened only by addressee" on the envelope. Commented Feb 13 at 15:58

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.