So I had a password-protected PDF file which unfortunately I had forgotten the password for. Knowing some attributes of the password, I had a feeling it would be fairly quick to perform a brute-force method to crack the password. So I used the power of Google to find a free PDF password cracking tool. Yes, this is perfectly legal.
It turns out that this particular tool was originally written for Linux, but someone had graciously used Cygwin to compile a Windows version so I could run it on my Windows PC. [1]
So background for the non-techies: A brute-force method is one that essentially tries every possible combination until it succeeds. For something like a PDF file, which is resident on the computer running the algorithm, it can be quite fast.[2] In fact, it is SO astonishingly fast that I was inspired to write this blog post.
So my relatively fast, but far from state-of-the-art Pentium 4 machine clocks in at 3.4GHz and has 3GB of RAM. [3] This is pretty quick for a single-core computer, but quite slow relative to the multi-CPU machines that are readily available today. Anyhow, my ordinary PC can test approximately 41 thousand passwords per second. To put that in perspective, consider a 5-character random password containing upper-case letters, lower-case letters and numbers (62 different characters per position). There are precisely 916,132,832 different passwords that can be made this way.[4] At the speed of my computer, I can crack ANY 5-character password following these rules in just over 6 hours. Shorter passwords take less than 6 minutes. Consider that a typical 4-digit numerical ATM card PIN would take a mere quarter of a second to crack.[5]
The lesson here is that with a room full of computers (or networks of computers), cracking even significantly longer passwords comes into reach. Attacks that use lists of common words, names, etc. (i.e. dictionary attacks) are obviously even faster. This is why your passwords should A) be long, B) contain lots of different characters, C) not be common words or phrases and D) not be the same everywhere you use them.
Oh, I remembered that the passwords on the PDF files were numerical and relatively short, which makes for a pretty weak password, but it was sufficient for this need. It took far longer to install the software than it did to crack the password.
[1] Yes, I know, I really should have been able to do this myself, but after a couple of weird linking errors I decided to move forward. As a pet project, I intend to reproduce this work myself just to make sure I still remember how.
[2] It would be slower if the system was remote and the password attempts had to be sent over the network, or if the system being ‘cracked’ prevents more than a few password attempts before locking the account.
[3] Actually 4GB of RAM, but WXP can’t see all of it.
[4] 931,151,402 if you include shorter passwords.
[5] Fortunately, you have to have the card AND the ability to enter 10000 PIN numbers without getting your card eaten by the machine.
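The arithmetic behind the post's figures, generalised into a small sizing tool for password policy. This is an added example, not code from the post or from pdfcrack; the character-set labels, the 1,000-machine fleet and the 100-year target are assumptions chosen for illustration, and the model only covers offline guessing at the post's measured rate.

```python
RATE = 41_000  # guesses per second: the post's figure for one Pentium 4

# Alphabet sizes; the labels are names chosen for this example.
CHARSETS = {"digits": 10, "lower": 26, "alnum": 62, "printable": 95}


def keyspace(alphabet, length, include_shorter=False):
    """Candidates of exactly `length` characters, or of 1..length characters."""
    if include_shorter:
        return sum(alphabet ** n for n in range(1, length + 1))
    return alphabet ** length


def seconds_to_exhaust(alphabet, length, rate=RATE, machines=1,
                       include_shorter=False):
    """Worst-case offline search time; the expected time is half of this."""
    return keyspace(alphabet, length, include_shorter) / (rate * machines)


def min_length(alphabet, target_seconds, rate=RATE, machines=1):
    """Shortest length whose exact-length keyspace outlasts target_seconds."""
    length = 1
    while seconds_to_exhaust(alphabet, length, rate, machines) < target_seconds:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        for length in (4, 5, 8, 12):
            cost = human(seconds_to_exhaust(size, length))
            print(f"{name:9} length {length:2}: {cost}")
    # Assumed target: survive 100 years against 1,000 machines like the post's.
    century = 100 * 365 * 86400
    for name, size in CHARSETS.items():
        print(f"{name:9} needs length {min_length(size, century, machines=1000)}")
```

Each extra character multiplies the search time by the alphabet size, which is why length moves the result far more than a modestly larger character set does.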
April 14th, 2009 at 6:49 pm
PS: pdfcrack has a benchmarking feature. Here are the stats for my machine:
April 15th, 2009 at 11:43 am
What about using one of the password-generation dealies? I tried this one for awhile, but was stymied by not being able to access any of my passworded accounts from school. https://addons.mozilla.org/en-US/firefox/addon/469 Thoughts?
April 15th, 2009 at 6:59 pm
Not having access wherever you go is usually the problem with solutions like these. Consider a solution where you take your encrypted password vault with you instead.
April 15th, 2009 at 8:03 pm
OK, my geek cred is still intact. I was being a real moron when I couldn’t get this to compile before… got lost chasing a wild goose. (The MakeFile was broken because gcc under Cygwin automatically adds a .exe extension to the resulting executable… and I thought it was a linker problem.)
Compiling with optimization specifically for my P4 improves the benchmark numbers by 10-15%.
Sweet.
April 15th, 2009 at 8:07 pm
This is why the password to all my accounts is 12345. Just like President Skroob.
May 17th, 2009 at 7:11 pm
Hello, can anyone point out to me why I can’t crack this, please? The test file came from another source, but the user pw is known and the file can be opened. Did I do something wrong, syntax etc.?
PDF version 1.6
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 2cebd5cc2455d759b95b3e2d2101883e
U: ba08771959e4e7f7e59cc8041479536674006800000000000000000018d8da00
O: 4d67f0a75240fadb07c280db5ec0245d4ae71f23d65d789d0e7100d248cb6589
Average Speed: 33442.7 w/s. Current Word: '78Wb'
Average Speed: 33431.2 w/s. Current Word: 'o5Ke'
Average Speed: 33543.6 w/s. Current Word: 'TBzh'
Average Speed: 33527.7 w/s. Current Word: 'h3nk'
Average Speed: 33617.8 w/s. Current Word: 'JXcn'
Average Speed: 33246.2 w/s. Current Word: 'lWZp'
Average Speed: 33403.6 w/s. Current Word: 'HJNs'
Average Speed: 33268.2 w/s. Current Word: 'oPAv'
Average Speed: 33455.8 w/s. Current Word: 'AToy'
Average Speed: 33204.2 w/s. Current Word: 'DEbB'
Average Speed: 33366.8 w/s. Current Word: '7fZD'
Average Speed: 33526.1 w/s. Current Word: 'YGNG'
Average Speed: 33457.9 w/s. Current Word: 'RLBJ'
Average Speed: 33632.6 w/s. Current Word: '4KqM'
Average Speed: 33462.9 w/s. Current Word: 'yReP'
Average Speed: 33525.7 w/s. Current Word: 'hi3R'
Average Speed: 33485.7 w/s. Current Word: '6vRU'
Average Speed: 33447.7 w/s. Current Word: 'FxFX'
Average Speed: 33616.9 w/s. Current Word: 'Pru0'
Average Speed: 33495.7 w/s. Current Word: 'TIi3'
Average Speed: 33402.5 w/s. Current Word: 'Tv65'
Average Speed: 33600.6 w/s. Current Word: 'MkV8'
Could not find password
May 17th, 2009 at 7:23 pm
What command line options did you use? It looks like you only searched passwords up to 4 characters in length. ‘aaaa’ through ‘9999’. If the password has special characters (not a-z, A-Z or 0-9) or is longer than 4 characters, you will have to use other command line options.
Remember, using a tool like this to access a file that you are not authorized to open may be a violation of the law.
May 17th, 2009 at 8:06 pm
Thank you, your kind reply is really appreciated.
The syntax used is:
pdfcrack test.pdf -m 4
The source file is an ebook I’ve dl’ed from P2P which has a given pw of an all-lowercase, 4-letter word. I can open it, but I found this pdfcrack thing and cross-checked to see/learn how to use it. I’ve also tried different switches, -c abcd….z, etc., but still get the same result: “Could not find”.
May 18th, 2009 at 7:07 am
Hmm, not sure. I suppose it could be a newer/different form of PDF encryption than PDFCrack is designed to resolve. One last thought, it could be the “owner” password rather than the “user” password. Use the “-o” option.
And once again: Remember, using a tool like this to access a file that you are not authorized to open may be a violation of the law.
May 18th, 2009 at 11:30 am
Thanks again. By visiting this blog I also enjoyed the articles on email security and backup, not to mention the above posts. I’ve also noticed your Nate is very cute; Tux on his tee (at least to me they’re all Tux’s cousins) only adds uber cool.