Acrobat 9 can weaken password protection

Stephen Withers
Monday, 08 December 2008 03:57

Your IT - Home IT

ElcomSoft plans to add GPU-based acceleration to its password recovery product, taking advantage of the way modern graphics chips are able to perform certain types of operations extremely quickly.

(Apple previously announce that Mac OS X 10.6 Snow Leopard will feature OpenCL, a technology that will make it easier for developers to tap the GPU for general-purpose computing.)

So how can you make sure your documents produced with Acrobat 9 are reasonably secure?

As with other systems, the trick is to think in terms of a passphrase, not a password. Acrobat 9 allows the use of phrases of up to 127 Roman characters, compared with 32 characters in earlier versions.

Furthermore, a wider range of characters can be used in passphrases thanks to Unicode support.

Increasing both the number and variety of characters that can be used in a passphrase greatly increases its potential strength - but if you insist on using a simple dictionary word, it can be found by a brute-force attack as easily as ever.

Adobe's advice for people struggling to think of a long passphrase? "Pick a line or two from your favorite song or poem and add numbers or symbols if they aren't already there."

And if that's still not enough, "Adobe continues to recommend using PKI-based encryption or Adobe LiveCycle Rights Management encryption - instead of user-generated document open passwords... Document protection can also be increased with hardware tokens - including three-factor authentication with a smartcard, PIN and biometric."