Stephen Withers
Monday, 08 December 2008 04:57
We normally expect successive versions of software to be increasingly secure. But thanks to a change made by Adobe in Acrobat 9, simple passwords - the kind most people use - can be cracked more quickly than they could with version 8.
Acrobat is Adobe's software for creating and using PDF (Portable Document Format) documents.
Originally defined by Adobe, PDF is now an ISO standard (standard number 32000).
Acrobat 9 supports password-based 256-bit AES encryption rather than 128-bit.
You might have expected this to be more secure, and in a very real sense it is. The problem is that it allows brute-force password-guessing attacks to try more passwords in a given amount of time.
As Adobe puts it, the new implementation "can also allow external brute-force cracking tools to attempt to guess document passwords more rapidly because fewer processor cycles are required to test each password guess."
According to ElcomSoft - a Russia-based developer of utilities including Advanced PDF Password Recovery - simple passwords can be cracked (err, recovered) 100 times faster with Acrobat 9.
"The new version of Adobe Acrobat is easier to break," said ElcomSoft CEO Vladimir Katalov. "The new product has surprisingly weak protection."
Company officials claimed numerous researchers have found that most people use passwords of up to seven characters.