Updated: Sep 27, 2022
Many organizations send monthly statements and other confidential documents as password-encrypted PDF files. To make the password easy for the user, it can be constructed from personal attributes such as Name + DOB, Name + Employee number, etc.
As we saw in the last article (https://medium.com/@vijay_751/how-weak-is-your-strong-password-1cd4c62d98f5), unless passwords are long and highly randomized, they can be cracked easily. The same password-cracking tools can be used to unlock PDF files.
The key point here is that the password data that secures the file (a hash derived from the password) is embedded within the file itself, making it much easier for the hacker. Using today's libraries, you can extract the password hash from the PDF file.
As mentioned in the article, it is a two-step process:
1. Brute force PDF files using the pikepdf library in Python.
2. Extract the PDF password hash and crack it using the John the Ripper utility.
Additionally, some tools are available which can do the job for you.
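The point above, that the password hash travels inside the PDF, can be checked on the documents you send out. The following is an added example (not code from the original article, pikepdf or John the Ripper): it reads the /Encrypt dictionary of a PDF without knowing the password and reports the cipher revision and whether the /U and /O password verifiers are present. The sample bytes are constructed, and the parser assumes the common layout where /Encrypt is an indirect reference.

```python
import re

# /R (revision) of the Standard security handler -> cipher family (PDF spec).
REVISIONS = {
    2: "RC4 40-bit",
    3: "RC4 up to 128-bit",
    4: "RC4 or AES-128 (see /CFM)",
    5: "AES-256 (deprecated Adobe extension)",
    6: "AES-256 (PDF 2.0)",
}

def audit_pdf_encryption(data: bytes):
    """Return what anyone holding the file can read without the password, or None."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    if not ref:
        return None  # not encrypted, or an inline /Encrypt dict (not handled here)
    num, gen = ref.groups()
    obj = re.search(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj(.*?)endobj",
                    data, re.S)
    if not obj:
        return None
    body = obj.group(1)
    rev = re.search(rb"/R\s+(\d+)", body)
    revision = int(rev.group(1)) if rev else None
    cfm = sorted({m.decode() for m in re.findall(rb"/CFM\s*/(\w+)", body)})
    return {
        "revision": revision,
        "cipher": REVISIONS.get(revision, "unknown"),
        "crypt_filter_methods": cfm,  # e.g. V2 = RC4, AESV2 = AES-128, AESV3 = AES-256
        "uses_rc4": revision in (2, 3) or "V2" in cfm,
        # /U and /O are the user/owner password verifiers stored in the file itself.
        "user_verifier_embedded": bool(re.search(rb"/U\s*[(<]", body)),
        "owner_verifier_embedded": bool(re.search(rb"/O\s*[(<]", body)),
    }

# Constructed sample: a minimal encrypted-PDF skeleton with dummy verifier values.
SAMPLE = (
    b"%PDF-1.6\n"
    b"12 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904\n"
    b"   /O <" + b"00" * 32 + b"> /U <" + b"11" * 32 + b"> >>\nendobj\n"
    b"trailer\n<< /Size 13 /Root 1 0 R /Encrypt 12 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for key, value in audit_pdf_encryption(SAMPLE).items():
        print(f"{key}: {value}")
```

When both verifiers are reported as embedded, password guessing can run offline against the file, so a stronger cipher does not compensate for a Name + DOB style password.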
As technology has evolved over the years, what was invented decades ago may not be appropriate in the current context of the digital world. Security & Privacy are the key themes in a highly connected world to guard against identity theft and any compromise which can cause financial damage to individuals and corporates. It can heavily dent the reputation of an organization.
At OkularID, our approach is to remove the password altogether and provide a far more secure solution than password-based security. Our approach is to bind digital assets to digital identities outside the digital asset. As OkularID authentication is facial biometric-based, it ensures that only legitimate users can view the content of a digital asset.
OkularID is a unique digital identity management platform to authenticate and validate user credentials in the digital space. It is promoted by Aikaki Limited, focused on developing a user-centric digital identity wallet enabling users to share their credentials and digital assets and securely sign documents. Visit www.okularid.com for more information.