Have you ever wanted to secure a single file from prying eyes? Ever wondered if you can trust the security features in Word or Acrobat? Ever received a Word or PDF file that was locked with those features, requiring a password to open it? I was curious about these features, so I did a little research and then tried to hack them. The results were eye-opening, and reinforce the importance of good password hygiene.
Since at least 1995, Microsoft Office has provided document protection features—specifically, the ability to “lock” a file with a password. Locking sounds good, right? Microsoft’s locking feature uses encryption to scramble the contents of a file unless the user supplies the correct password. Unfortunately, for five major releases spanning a decade, the particular encryption methods Office used were terrible.
With Office 2007, Microsoft finally brought modern cryptography to Office documents. Instead of the weak methods used before, Office 2007 document protection was based on a strong, industry-standard encryption algorithm called AES. Office 2010 and 2013 added further cryptographic improvements.
The PDF file format has a similar encryption story. Earlier versions of the format had fairly weak encryption, and common cracking tools make quick work of it. But for more recent versions, cracking is much harder.
Adventures in Password Cracking
Even with these better algorithms, it’s still very easy to shoot yourself in the foot if you pick a bad password to lock a document. I performed some experiments to demonstrate just how badly this can go. I did these experiments with hashcat, an indispensable tool well known to computer security professionals. Tools like hashcat perform brute-force attacks, either trying every password in a list or crunching through millions of permutations. If you try this brute-force attack against an online service, you’ll quickly find yourself locked out after a few attempts. But you can hammer away as much as you want at encrypted files you possess.
Terrible Passwords Get Cracked Immediately
For the first test, I asked Sam Glover to send me a Word file locked with a password of his choice from a list of the 500 most commonly-used passwords. He did not tell me which one. Using that list, hashcat cracked the file in 22 seconds.
Less-Terrible Passwords Also Get Cracked Immediately
Lawyerist readers are smart! I’m sure you can come up with a much better password. How about a really obscure word? Bad news: hashcat can try every word in the dictionary in no time. To prove the point, I picked the 100,000th word out of the 235,000-word list that ships with MacOS and encrypted a PDF file with it. It took 6 seconds for hashcat to crack it. The lesson here is that any word in a dictionary is still a terrible password.
Medium-Bad Password Are Way Better!
How about a random sequence of 8 letters, mixed upper and lowercase? That would be hard to guess, right?
To find out, I generated a password with those parameters and locked a Word file with it. My generated password wasn’t in any of the password lists I had, so hashcat couldn’t crack it that way. But hashcat is more clever than that. Once I instructed it to try every permutation of uppercase and lowercase letters, hashcat estimated it would churn through every possible 8-character permutation in about 600 years, at least on my laptop. That’s more like it!
Notably, a locked PDF performed far worse than a locked Word 2010 document. A PDF exported by Word 2010, using a similar 8-character password, would have taken about 3.5 years for my laptop to crack. This is obviously far better than a few seconds, but it’s still bad news if your document ends up in the hands of a determined adversary.
The Password Cracking Arms Race, Video Games, and the Cloud
While 600 years (or even 3.5 years) sounds pretty good, I ran my experiments on a laptop without a dedicated graphics processor. These graphics processors, which are more common in desktop PCs aimed at gamers, are really good at repetitive tasks like rendering graphics—and cracking passwords. When a computer has one, hashcat uses it to speed things up dramatically.
One can also easily lease vast computing power from cloud computing providers like Amazon, which can make for an effective time–money tradeoff. For about $14/hour, one of Amazon’s heftiest cloud compute units will crack PDFs 92 times faster than my laptop. At this speed, that 3.5 years to crack a PDF’s 8-character password drops precipitously to just under two weeks, at a cost of about $4,500. That’s more than a casual thief would spend, but you can’t safely rule it out for nation states or industrial spies, who will also employ other approaches like rainbow tables.
Good Passwords Are Very Hard to Crack
Here’s the good news: if you generate a strong password, then modern Office’s AES encryption really shines. I generated a random 20-character password with upper and lowercase letters, numbers, and punctuation, and locked a Word file with it. It would have taken my laptop 66 million years to crunch all the possible permutations.
That’s as long as it’s been since dinosaurs roamed the earth. Regardless of your thoughts on whether human civilization will endure that long, I’m confident my clients’ secrets won’t be very relevant then. (Even if you threw 1,000 Amazon cloud computing units at this, it would cost $262 million and still take more than 700 years.)
How to Create and Share Strong Document Passwords
Don’t trust yourself to create a good password. Your brain is just not wired to do it. Instead, use a password manager and allow it to do the work for you with its password generator function.
Once you’ve generated a 66-million-year password and used it to lock your document, you need to share that password with the recipient. The most important thing is to not share it through the same channel with which you share the document. This means don’t put the password in the same email as the document. Instead, use an entirely different method, such as an encrypted text message using Signal, or over a phone call.
To sum up:
- Make sure you’re using a current version of Office or Acrobat. Older versions do not provide adequate security!
- Use a password manager to generate a strong password: 20+ random mixed-case letters, numbers, and symbols. The longer the better.
- Send the password separately from the document. For example, you could email the encrypted document as an attachment, and send the password securely using Signal.