Adobe Acrobat 9 Password Security Issues and Hundreds of Employee Layoffs
After it has recently came to light that breaking an Acrobat 9 password by means of brute force attacks is not as hard as it ought to be, Adobe has come out and provided a few explanations. In related news, Adobe has announced that it plans to implement a restructuring program – translation: fire about 600 employees, full time jobs occupied by people all over the world.
A little while back Elcomsoft, Russian company that provides password recovery software, has come out and said that it is about 100 (yes, one hundred) times easier to guess the password for Acrobat 9 encrypted files, ass opposed to the previous version of the same software.
This is what Adobe had to reply: “The current specification for password-based 256-bit AES encryption in PDF provides greater performance than the previous 128-bit AES implementation. While this allows for 256-bit AES password protected documents to open faster in Acrobat 9, it can also allow external brute-force cracking tools to attempt to guess document passwords more rapidly because fewer processor cycles are required to test each password guess. These tools operate independently of Acrobat and work directly on a password protected document by repeatedly guessing from lists of dictionary words like "turkey", "potato", and "pie" to see if the document will open.”
The thing that you must keep in mind that if you use simple passwords, just like Adobe mentioned above, things like “potato”, it will be incredibly easy for someone with malicious intent to break your password. Instead, try using longer passwords, phrases even, throw in couple of numbers, and even obfuscate the password. With Acrobat 9 you can set up passwords up to 127 characters long – which is roughly about one third of this entire article.
In related news, some 600 Adobe employees will be out of a job in the very near future. Adobe resorted to this restructuring program in order to save money (of course) and plans to layoff low level employees along with top ranking management members of its 7,000 large team. The latest employee to get the boot is principal evangelist with Flash, Flex and AIR, Mike Downey.
A little while back Elcomsoft, Russian company that provides password recovery software, has come out and said that it is about 100 (yes, one hundred) times easier to guess the password for Acrobat 9 encrypted files, ass opposed to the previous version of the same software.
This is what Adobe had to reply: “The current specification for password-based 256-bit AES encryption in PDF provides greater performance than the previous 128-bit AES implementation. While this allows for 256-bit AES password protected documents to open faster in Acrobat 9, it can also allow external brute-force cracking tools to attempt to guess document passwords more rapidly because fewer processor cycles are required to test each password guess. These tools operate independently of Acrobat and work directly on a password protected document by repeatedly guessing from lists of dictionary words like "turkey", "potato", and "pie" to see if the document will open.”
The thing that you must keep in mind that if you use simple passwords, just like Adobe mentioned above, things like “potato”, it will be incredibly easy for someone with malicious intent to break your password. Instead, try using longer passwords, phrases even, throw in couple of numbers, and even obfuscate the password. With Acrobat 9 you can set up passwords up to 127 characters long – which is roughly about one third of this entire article.
In related news, some 600 Adobe employees will be out of a job in the very near future. Adobe resorted to this restructuring program in order to save money (of course) and plans to layoff low level employees along with top ranking management members of its 7,000 large team. The latest employee to get the boot is principal evangelist with Flash, Flex and AIR, Mike Downey.
