How can I check quickly if a pdf is decrypted right?

joblack
Junior Member
Posts: 27
Joined: Wed Feb 10, 2010 8:12 am

How can I check quickly if a pdf is decrypted right?

Post by joblack »

Of course I can open it but software like Elcomsoft pdf cracker seems to determine very fast if it's the right key.

Any idea?
sikke
Junior Member
Posts: 10
Joined: Sat Feb 27, 2010 10:03 am

read the specs

Post by sikke »

In the specs (check the Adobe site) there is a description of how to detect the correct password, with a complete algorithm. Essentially, the password is transformed to a key (using a document-specific salt, mostly, via hashing) and then a known plaintext (16 or 32 bytes, depending on the document; for recent variants, there are more ways to encrypt) is encrypted with that key, and the result is stored in the encrypted PDF. The check for a password checks that the result is that known/computed plaintext.
joblack
Junior Member
Posts: 27
Joined: Wed Feb 10, 2010 8:12 am

Post by joblack »

There must be some kind of mechanism with a password protected pdf but we need the (non-'Standard') Security handler protection. For that I haven't found a mechanism for it. You might check if strings are in an allowed threshold but with Unicode and Chinese characters that doesn't have to work ;) .
sikke
Junior Member
Posts: 10
Joined: Sat Feb 27, 2010 10:03 am

What handler?

Post by sikke »

Don't most security handlers also have some check data like normal password-protected files (via the standard methods) have? What security handler are you talking about?
I do believe all must have such a check, for the reasons you described.

Otherwise you could decompress a compressed part (after decryption), and then watch for errors.
joblack
Junior Member
Posts: 27
Joined: Wed Feb 10, 2010 8:12 am

Post by joblack »

sikke wrote: Otherwise you could decompress a compressed part (after decryption), and then watch for errors.
Of course you can see it if you manually open it but how can you deterministically automate this?
sikke
Junior Member
Posts: 10
Joined: Sat Feb 27, 2010 10:03 am

Again, what handler?

Post by sikke »

joblack wrote: Of course you can see it if you manually open it but how can you deterministically automate this?

Please provide details of the handler in question. I'm convinced there is an easy check somewhere.

Do you know how to decrypt it (programmatically) when you have the correct password?
If so, you could try to decrypt and then decompress (e.g. using Deflate, using zlib) some object.
If you get an error, you have the wrong password.
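
The decrypt-then-inflate check described in the post above, written out as an added example that is not part of the original thread or any tool mentioned in it. It assumes the stream is Flate-compressed and uses RC4 as a stand-in cipher; the key, the stream contents and the function names are constructed for illustration.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_decrypts_stream(key: bytes, encrypted_stream: bytes) -> bool:
    """True if the stream decrypts under `key` to a complete, valid zlib stream."""
    plain = rc4(key, encrypted_stream)
    # Structural test on the 2-byte zlib header (RFC 1950): compression
    # method 8 (deflate) and (CMF*256 + FLG) divisible by 31.
    if len(plain) < 6 or (plain[0] & 0x0F) != 8 or ((plain[0] << 8) | plain[1]) % 31:
        return False
    d = zlib.decompressobj()
    try:
        d.decompress(plain)  # raises on bad deflate data or a bad Adler-32 trailer
    except zlib.error:
        return False
    # eof is only set once the end-of-stream marker and checksum were consumed,
    # so a truncated stream is rejected as well.
    return d.eof

# Constructed sample: a Flate-compressed content stream encrypted with a made-up key.
SAMPLE_KEY = b"constructed-key!"
SAMPLE_STREAM = rc4(SAMPLE_KEY, zlib.compress(b"BT /F1 12 Tf (constructed sample) Tj ET\n" * 4))

if __name__ == "__main__":
    print("right key:", key_decrypts_stream(SAMPLE_KEY, SAMPLE_STREAM))
    print("wrong key:", key_decrypts_stream(b"wrong-key-000000", SAMPLE_STREAM))
```

The decision does not depend on the text being ASCII, Unicode or Chinese, because it tests the compression framing and checksum rather than the decoded characters. It only applies to streams that carry a FlateDecode filter.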
joblack
Junior Member
Posts: 27
Joined: Wed Feb 10, 2010 8:12 am

Post by joblack »

sikke wrote: Please provide details of the handler in question. I'm convinced there is an easy check somewhere.

I'm talking about the password protection from the FileOpen plugin.