Two Passwords Are Better Than One: The Low-Down On PDF Security

For people who don’t spend their time looking at PDF files in text editors*, PDF security is a sometimes misunderstood beast.

For example, those document restrictions that PDF files sometimes have — no Printing, Content Copying, Page Extraction, etc — are essentially useless unless the PDF also has a User Password.

Unfortunately many people make the mistake of thinking that using an Owner Password on a PDF — the password you specify when applying document restrictions — is enough to keep their PDF secure.

It most definitely is not enough. In fact, it’s ridiculously easy for someone who knows what they’re doing (or has bought the right cheap tool) to decrypt a PDF which only uses an Owner Password.

Owner password, user password

There are two different types of passwords which can be used to secure a PDF file.

Owner Password

The Owner Password is also known as the Master Password. This is the password that you specify when you want to apply permissions to a PDF. For example, if you don’t want to allow printing of the PDF or if you don’t want to allow pages to be extracted, then you can specify permissions which prevent that from happening.

User Password

The User Password is also known as the Open Password. This is the password that you specify if you want to require the end-user to enter in a password *before* they view the PDF. If they don’t have the right password, then they can’t view the PDF.

Here’s the catch

Technically the Owner Password or the User Password can be used interchangeably to decrypt or open an encrypted PDF if only an Owner Password or a User Password is set.

So if you want to add some document restrictions and in the process set an Owner Password, but do not bother to set a User Password, then the empty User Password string can be used to decrypt the encryption which was set using the Owner Password.

Yeah, it’s true. It’s not possible to do this in Adobe Acrobat (because Adobe don’t want you to do this), but it is technically possible to do it if you have read and understood the PDF specification. Indeed, some PDF viewers ignore security settings entirely and will automatically decrypt a PDF if a user password is not set.

The PDF specification leaves it up to the conforming PDF reader to honor the security settings of the PDF. This is why Adobe Reader won’t let you decrypt a PDF using an empty password but other tools will let you.

Two passwords are better than one

The good news is that PDF security isn’t useless if the right steps are taken. If you use both an Owner Password AND a User Password then the above mentioned trickery is not possible and hackers must rely on brute force attacks to try to break the encryption. This is *much* harder, and while not impossible, it makes the PDF practically as secure as any other digital thing which has been encrypted using the same methods.

Here is some further technical reading on the topic:

* PDF uses a subset of the PostScript page description programming language for generating the layout and graphics, so you can actually open a PDF in a text editor and look at the code that is used to generate the PDF. But be warned, PDF is a binary format so editing what you see in the text editor will most likely corrupt your PDF, so be careful!

You May Also Like

About the Author: Rowan Hanna

Leave a Reply