 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- > bounces+blu=nedharvey.com at blu.org] On Behalf Of Scott Ehrlich > > How safe is a password-protected PDF file sent via email? > > I've never run a sniffer to see what could be learned from doing this. It varies according to the application that creates / encrypts the pdf. But that's probably not very significant. Most of all, there's basically no way to generate a strong enough password to withstand a brute force attack ... Because if you have some secure channel to securely communicate a 43-char long random alphanumeric string with 256bits of binary degrees of freedom, you would probably just use that channel to send the pdf directly. Later versions of Acrobat support S/MIME keys, which are strong enough. You do a key exchange with some recipient and then encrypt, it'll be pretty secure. But complexity is a bit too high for most people. But I see a lot of VPN's out there, and other stuff, configured by people who just don't care about that. So assuming you're not afraid of a brute force attack... In acrobat 3, they supported 40-bit RC4. Not considered secure today. acrobat 6, 128-bit RC4. Still not secure. acrobat 7, 128-bit AES. Maybe secure today, depending on your needs acrobat 9, 256-bit AES. Generally considered secure today as long as you have a sufficiently strong key (on the order of 256 bits effective entropy)
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
