|
Message-ID: <20130922172302.GA17237@lonestar> Date: Sun, 22 Sep 2013 22:53:02 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Research on better-than-brute-force attacks on PDF cryptography On 09/17/13 at 08:26pm, Florian Weimer wrote: > I've looked at a PDF implementation, compared it against the specification > (including Adobe's supplement covering AES-256), and unless I'm missing > something, there are a few odd things there. > > Does anyone know if there's published research into this topic? I could > only find indications that the specification does not adequately defend > against brute-force password guessing. Which is probably true, but not > exactly my concern. Hi Florian, http://tinyurl.com/pdf-fmt-plug-c might help you in your research. For unknown reasons, Adobe weakened their "KDF" in the "R5" scheme, a mistake which they have fixed in their current "R6" scheme. -- Dhiru
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.