Wow, Adobe rethinks PDF security. Curious why? Because of vulnerabilities in Adobe Reader (and the zero-day exploits built on them), of course. From the article:
According to Finnish security company F-Secure, 48.9% of all targeted attacks conducted this year involved a malicious PDF file attached to a legitimate-looking e-mail, a huge change from 2008, when PDFs made up just 28.6% of targeted attacks.
Better (128-bit RC4) encryption was introduced in Acrobat 5 a long time ago, and AES encryption was added two versions later, in Acrobat 7; from then on only brute-force and dictionary attacks were applicable, and recovery speed was low. However, we have found that Adobe Acrobat 9 Is a Hundred Times Less Secure than version 8. Moreover, GPU acceleration is now possible, giving an even better recovery speed.
Surprisingly, Adobe has responded in their blog: see Acrobat 9 and password encryption. Here is what they said:
The current specification for password-based 256-bit AES encryption in PDF provides greater performance than the previous 128-bit AES implementation.
First, that's not true (if you don't trust me, run a benchmark). Second, the encryption of the file's data is unrelated to the password verification routine. You can use the strongest zillion-bit algorithm together with a simple and fast password checking function, and passwords can still be cracked (well, recovered :)) in a reasonable time. What sets the cost of a brute-force or dictionary attack is the work needed to test one candidate password: Acrobat 8 spends 51 MD5 computations plus 20 RC4 passes on each guess, while Acrobat 9 needs a single SHA-256.
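To make this concrete, here is an added example (written for this post; it is not code from the original post, from Adobe or from any password recovery product) that implements the user-password check of the PDF standard security handler for revision 4 (Acrobat 5 to 8, 128-bit key) next to the check for revision 5 (Acrobat 9), runs a small dictionary attack against each, and times the per-guess cost. Assumptions: EncryptMetadata is true (no extra 0xFFFFFFFF suffix in the key derivation), the O entry, file ID and salts are constructed values rather than ones computed from a real file, and the wordlist is made up.

```python
"""Per-guess cost of password verification: Acrobat 8 (R4) vs Acrobat 9 (R5).

Both routines follow the PDF standard security handler (Algorithms 2 and 5
for revision 4; the SHA-256 validation hash for revision 5).  Document
values (O, ID, salts, wordlist) are constructed for this demo.
"""
import hashlib
import struct
import time

# Fixed padding string from the PDF specification (Algorithm 2, step a).
PAD = bytes.fromhex(
    "28BF4E5E4E758A4164004E56FFFA01082E2E00B6D0683E802F0CA9FE6453697A"
)

# Constructed wordlist, not a real one; the "document" password sits at index 7.
WORDLIST = [b"password", b"123456", b"qwerty", b"letmein",
            b"adobe2009", b"acrobat", b"secret42", b"dragon"]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); enough for the R4 check."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def r4_user_hash(password: bytes, o: bytes, p: int, id0: bytes,
                 length: int = 16) -> bytes:
    """R3/R4 (Acrobat 5-8) user-password check: 51 MD5 + 20 RC4 per guess.
    Assumes EncryptMetadata is true.  Result is compared against U[:16]."""
    pw = (password + PAD)[:32]                               # Algorithm 2 (a)
    key = hashlib.md5(pw + o + struct.pack("<I", p & 0xFFFFFFFF) + id0).digest()
    for _ in range(50):                                      # Algorithm 2 (h)
        key = hashlib.md5(key[:length]).digest()
    key = key[:length]
    u = rc4(key, hashlib.md5(PAD + id0).digest())            # Algorithm 5 (b-d)
    for i in range(1, 20):                                   # Algorithm 5 (e)
        u = rc4(bytes(k ^ i for k in key), u)
    return u


def r5_user_hash(password: bytes, validation_salt: bytes) -> bytes:
    """R5 (Acrobat 9, AESV3) user-password check: one SHA-256 per guess.
    The password is UTF-8 truncated to 127 bytes; result is compared to U[:32]."""
    return hashlib.sha256(password[:127] + validation_salt).digest()


def make_r4_doc(password: bytes) -> dict:
    """Constructed R4 encryption dictionary; O and ID are arbitrary test bytes."""
    o, id0, p = bytes(range(32)), bytes(range(16)), -3904
    u = r4_user_hash(password, o, p, id0) + bytes(16)        # 16 bytes of padding
    return {"O": o, "P": p, "ID": id0, "U": u}


def make_r5_doc(password: bytes) -> dict:
    """Constructed R5 dictionary: U = hash(32) + validation salt(8) + key salt(8)."""
    vsalt, ksalt = bytes(range(8)), bytes(range(8, 16))
    return {"U": r5_user_hash(password, vsalt) + vsalt + ksalt}


def check_r4(doc: dict, guess: bytes) -> bool:
    return r4_user_hash(guess, doc["O"], doc["P"], doc["ID"]) == doc["U"][:16]


def check_r5(doc: dict, guess: bytes) -> bool:
    return r5_user_hash(guess, doc["U"][32:40]) == doc["U"][:32]


def dictionary_attack(check, doc: dict, wordlist) -> tuple:
    """Try each word in order; returns (password or None, guesses tried, seconds)."""
    t0 = time.perf_counter()
    for n, word in enumerate(wordlist, 1):
        if check(doc, word):
            return word, n, time.perf_counter() - t0
    return None, len(wordlist), time.perf_counter() - t0


def relative_cost(n: int = 300) -> float:
    """Time n wrong guesses against each handler; returns R4 time / R5 time."""
    doc4, doc5 = make_r4_doc(b"x"), make_r5_doc(b"x")
    guesses = [b"guess%d" % i for i in range(n)]
    _, _, t4 = dictionary_attack(check_r4, doc4, guesses)
    _, _, t5 = dictionary_attack(check_r5, doc5, guesses)
    return t4 / max(t5, 1e-9)


if __name__ == "__main__":
    for name, mk, chk in (("Acrobat 8 / R4", make_r4_doc, check_r4),
                          ("Acrobat 9 / R5", make_r5_doc, check_r5)):
        pw, tried, secs = dictionary_attack(chk, mk(b"secret42"), WORDLIST)
        print(f"{name}: found {pw!r} after {tried} guesses in {secs:.4f}s")
    print(f"R4 guess costs {relative_cost():.0f}x an R5 guess here")
```

The ratio printed by `relative_cost` is inflated by the pure-Python RC4 loop and is not the figure a real cracker sees on optimized CPU or GPU code; what carries over is the shape of the work: 51 MD5 computations and 20 RC4 passes per candidate in Acrobat 8 against one SHA-256 in Acrobat 9, while the 256-bit AES that actually protects the page data is never touched during a guess.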
Last but not least (also from Adobe’s blog):
256-bit AES encryption is widely known to be stronger than 128-bit AES.
Of course it is. But first, it's a pure marketing issue: 128-bit is more than enough (well, for the next dozen years). Second, the password is still the weakest link.