Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 22 Sep 2013 22:53:02 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Research on better-than-brute-force attacks on
 PDF cryptography

On 09/17/13 at 08:26pm, Florian Weimer wrote:
> I've looked at a PDF implementation, compared it against the specification
> (including Adobe's supplement covering AES-256), and unless I'm missing
> something, there are a few odd things there.
>
> Does anyone know if there's published research into this topic?  I could
> only find indications that the specification does not adequately defend
> against brute-force password guessing.  Which is probably true, but not
> exactly my concern.

Hi Florian,

http://tinyurl.com/pdf-fmt-plug-c might help you in your research.

For unknown reasons, Adobe weakened their "KDF" in the "R5" scheme, a
mistake which they have fixed in their current "R6" scheme.

--
Dhiru

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.