[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Research on better-than-brute-force attacks on PDF cryptography
From:       Dhiru Kholia <dhiru.kholia () gmail ! com>
Date:       2013-09-22 17:35:02
Message-ID: 20130922172302.GA17237 () lonestar
[Download RAW message or body]

On 09/17/13 at 08:26pm, Florian Weimer wrote:
> I've looked at a PDF implementation, compared it against the specification
> (including Adobe's supplement covering AES-256), and unless I'm missing
> something, there are a few odd things there.
>
> Does anyone know if there's published research into this topic?  I could
> only find indications that the specification does not adequately defend
> against brute-force password guessing.  Which is probably true, but not
> exactly my concern.

Hi Florian,

http://tinyurl.com/pdf-fmt-plug-c might help you in your research.

For unknown reasons, Adobe weakened their "KDF" in the "R5" scheme, a
mistake which they have fixed in their current "R6" scheme.

--
Dhiru
[prev in list] [next in list] [prev in thread] [next in thread]