I’ve gotten several password-protected scripts recently, and I’ve wondered whether it’s any more than security theater.

So I asked on Twitter:

Several people replied that the most recent update to Adobe Acrobat was pretty solid.

Looking around on the web, I’ve seen a similar range of opinions on how effective various encryption engines really are. But that’s with any theoretical document protected by any theoretical engine.

I’m curious how easy it is to crack the encryption on one simple document using a pretty standard engine. So I made two files, one “easy” and one “tough.”

Update! The easy PDF was cracked in less than a minute using a brute-force command-line tool for Windows. It was a four-digit number: 1806

Here’s the easy file: encryption_test

Here’s the tough file: harder_encryption

Some tips:

  • Each of these is just one page of plain text.
  • Each has instructions for where and what to email if you manage to get the PDF unlocked.
  • I don’t know the passwords. Both were generated randomly. So there’s no point trying to guess. (It’s not “umbrage.”)
  • The easy file has a shorter password.

Mostly, I’m curious whether there are any practical ways to get past these kinds of locks. I’ve avoided locked PDFs under the assumption that they’re useless, but maybe I’m wrong.

So if you’re able to open either document, I’d love to know how you did it.