Blackhat Python Crack Encrypted PDFs
A Demonstration of A Dictionary Attack
In this post I will be demonstrating Breaking into an encrypted PDF using the .decrypt method found in the module PyPDF2.
This example is my crafted solution to the example challenge presented in Al Sweigart’s Automate the Boring Stuff With Python.
The password is 8 letters long, lowercase, and contains only alphabetical characters.
Depending on what the password is, the time will vary. In this case it begins with an “R”.
Note.. hackers engineer GPU clustered machines to speed the processing up to much faster than this.
Time until entry
5 mins 14 seconds
Raspberry Pi 3:
15 mins 23 seconds
An encrypted PDF file
A dictionary in a text file containing over 60,000 English words in alphabetical order and capitalized
An object is created for the encrypted pdf.
A pdf module reader object is created for to read the pdf.
A loop iterates through the a list of strings from the test dictionary object.
When there is a match the decrypt function returns an integer of 1.
The match is printed and the pdf is decrypted.
This is why it is advised to use a combination of letters, both upper and lower case, along with numbers and symbols. These raise the entry time significantly to the point that it discourages any efforts to find a password in a favorable amount of time.
A bad password
A good password
To test the strength of your password, check out this calculator.
Note: The purpose of this demonstration is purely academic and the author does not encourage or approve of the techniques shown here to be used for illegal purposes. Being aware of and understanding the methods used to manipulate encrypted files is part of a fully developed cybersecurity acumen.