Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

SECURELY LOCKING DOWN PDFS REDUX

June 17, 2009

Last week, I posted advice from John about how to securely lock down a PDF document.
 
It was good advice. Except that a vendor, who wants you to PAY for a secure lock-down, wrote me in part:
 
"I would like to just say that this method, and most methods used to attempt to protect PDF documents this way DO NOT work.  What's true today, will not be true tomorrow as technology approves (sic). Eventually, it will be hacked.
 
We provide a surefire way of providing not only document protection, but we also make it extremely easy for people to share those documents without any fear of them being altered."
 
Hey, I understand that folks have a product to sell. But trying to invalidate a good (and free) methodology doesn't seem quite right to me. I asked John for his response, which was: 
 
"Technically the statement is correct. Eventually you could crack a 180 character password with a grid computer system running non-stop for four centuries. I’m just kidding about the password length and time, but the point is that given enough time and resources a password can be cracked. That’s the technical answer; however, I’d like to think that we need to be practical and not try to scare the consumer into using overkill methods when what they already have will meet their needs.

The point of using a two-password system for PDFs is to prevent all of those free and low-cost crackers from accessing the PDF decryption scheme.

Most of the vendors want you to send an unsecured file to their servers. Where's the security in that? Talk about a fertile field to lift client data. That’s the same way the TJX data got compromised – they lifted the credit card data BEFORE it was encrypted."

I'm standing by my man on this one.

Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq