LockLizard Technology Brief Sample

When Adobe first introduced PDF access control security, the controls the publisher selected were enforced by using passwords. Passwords were the commonest access control mechanism in use at the time, because, in fact, there was nothing else that was viable. But the way it was implemented was not a good idea, because it left it up to human beings to ‘decide’ what the passwords should be – and they inevitably chose passwords that were short and easy to cope with (and therefore easy for password crackers to attack) as against long, complex, and difficult to type in, because it was more important not to annoy your recipient than to worry about if what you were doing was realistically secure.

Unfortunately, using passwords as controls also allowed any recipient of a password protected document to pass it, and the associated password(s) to anyone they chose, and nobody was any the wiser. No mechanisms were created that could check that the person using the password was authorized to do that.