Editor’s Note: This article was written by Solid Documents CEO Michael Cartwright, a specialist in PDF & Word converter technology.
When you set up password security for a PDF document you are first asked to select an encryption level for the PDF file. If you’re a computer geek you may immediately understand what this means, but if you’re not you may be puzzled. What does encryption mean and how does it affect your security choices?
What is encryption?
Encryption is the process of encoding information so that only the person (or computer) with a key can decode it. (See this article on How Encryption Works for more details.) The information is made incomprehensible or ‘scrambled’ using an algorithm, then descrambled by the device with the key to the algorithm.
Encryption is important to keep your confidential information confidential. When you send information such as bank account numbers or Social Security numbers, you want that information to be inaccessible even if intercepted by an unintended recipient.
When you select encryption level, the various choices represent how extensive the encryption will be. Higher bit numbers mean that the security is less likely to be broken or ‘hacked’ and will work with later versions of Acrobat. RC4 and AES represent different types of algorithms used during the encryption process.
When you assign a password to a document, you are setting an encryption key that the document recipient must have in order to open the document. This type of key is called a symmetric key, since the same key is used in encryption and decryption. Password protection uses a symmetric key.
Asymmetric keys, also known as public key cryptography, uses a combination of a private key and a public key. According to the article How Encryption Works, the private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. Digital certificates using a certificate authority use this type of encryption key.
How much protection does encryption provide?
Security will deter most hackers from gaining access to confidential information, and some security options offer more extensive protection than others. However, no type of security is completely hack-proof. Some ways a hacker can break a security code are:
- ‘Brute force’ attack – the hacker tries the password with as many different possibilities as possible.
- Debuggers – these work much like debuggers used by software engineers to find errors in programs. They stop the computer at each instruction at the same time the computer performs it.
- Packet sniffer or protocol analyzer – if passwords are transported across a medium such as the Internet, this detects and intercepts passwords.
High encryption levels protect you against brute force attacks, in which the hacker simply tests a number of combinations to see which works. Higher encryption increases the number of possibilities that must be tried, or ‘key-lengths,’ to unlock the document. With 40-bit encryption, the hacker would have 240 different key-lengths in which the right key might be found. With 128-bit encryption, that number increases substantially to 2128. Thus, 128-bit encryption is significantly more secure against this type of attack than 40-bit encryption.
How you can make documents more secure
Passwords give the first level of protection to your PDF document. You can set passwords so that only authorized users can open the document and/or only individuals with permissions can print, edit, or copy from the document. Other forms of security, such as digital signatures and certificates, are available from other vendors to address different types of security needs.
You can also help protect the confidentiality of your PDF by applying standard rules for creating good passwords: combine numbers and letters, make your passwords 8 or more characters long, don’t use common dictionary words alone, and so forth. This will further ensure that your precious information does not fall prey to cyber-intruders.
- How Encryption Works, How Stuff Works
- Introduction to PDF Security, Dan Shea, Planet PDF
- The Keys to Your Cottage: an overview of PDF document security, Narayan Sainaney, Planet PDF
- Adobe PDF Security – Understanding and Using Security Features with Adobe Reader and Adobe Acrobat (White Paper), Adobe Corporation