Eight-character passwords for Adobe Acrobat PDF documents are no longer a reliable security protection, says Russian security software vendor ElcomSoft.
In a press release issued this week, the vendor of password recovery tools says the security measures in the latest version of Adobe’s PDF software, Acrobat 9, is two-orders of magnitude easier to crack than previous versions.
While Adobe advertises Acrobat 9 as the most secure PDF production tool ever with enhanced 256-bit encryption, ElcomSoft has discovered that the new PDF protection system implemented in Acrobat 9 is even faster to recover than in previous versions. Even the use of 256-bit Advanced Encryption Standard (AES) keys alone won’t keep Acrobat PDF documents secure, the company says.
"The new version of Adobe Acrobat is easier to break," claims ElcomSoft CEO Vladimir Katalov. "Passwords of eight symbols or less are no longer secure.”
ElcomSoft is best known for its discovery of security weaknesses in Adobe's eBook software in 2001.
Elcomsoft released its security vulnerability review of Adobe Acrobat 9 with the announcement of its new product, Advanced PDF Password Recovery 5.0, which can recover 40-bit encryption in a matter of minutes by searching for the encryption key instead of attempting to guess the password. The product also provides advanced methods to recover password-protected documents encrypted with 128-bit keys used in Acrobat versions 5.x to 8.x.
