oss-sec mailing list archives
Re: Research on better-than-brute-force attacks on PDF cryptography
From: Dhiru Kholia <dhiru.kholia () gmail com>
Date: Sun, 22 Sep 2013 22:53:02 +0530
On 09/17/13 at 08:26pm, Florian Weimer wrote:
I've looked at a PDF implementation, compared it against the specification (including Adobe's supplement covering AES-256), and unless I'm missing something, there are a few odd things there. Does anyone know if there's published research into this topic? I could only find indications that the specification does not adequately defend against brute-force password guessing. Which is probably true, but not exactly my concern.
Hi Florian, http://tinyurl.com/pdf-fmt-plug-c might help you in your research. For unknown reasons, Adobe weakened their "KDF" in the "R5" scheme, a mistake which they have fixed in their current "R6" scheme. -- Dhiru
Current thread:
- Research on better-than-brute-force attacks on PDF cryptography Florian Weimer (Sep 17)
- Re: Research on better-than-brute-force attacks on PDF cryptography Dhiru Kholia (Sep 22)