Password protect a pdf file?

[pawnraider]

I hope this is the right place to ask this.

I just did my state taxes and I did it on a pdf form that allows the person to fill in the fields and can be printed out. What I would like to know is is it possible to password protect this pdf form to prevent anyone other than myself from looking at its contents? If so, how?

 

[pgp_protector]

If you have the full version of Adobe I believe you can password protect them.

Other wise just use WinZip (Or Equivalent) and put it in a password protected ZIP File (or RAR, or whatever compression you wish)

 

[Jacob Jilg]

Yes that. I was going to also recommend the password protected zip file. There are many free programs available that can compress a file into a password protected archive. I use Keka on my Mac.

 

[elytron]

When using encryption, strong passwords are important.

 

[pgp_protector]

When using encryption, strong passwords are important.

Tell me, what password is better for my security ?

1) JD&hh3)&DF#jSD
or
2) ThisIsHowWeAreGoingToRememberOurPassowrdOnDec25th2015.

 

[elytron]

Yikes, I am not even able to tell you. Looks like I need to reconsider my own password strategy.

 

[EphesiaNZ]

Tell me, what password is better for my security ?

1) JD&hh3)&DF#jSD
or
2) ThisIsHowWeAreGoingToRememberOurPassowrdOnDec25th2015.

First one is better. Second one is just a passphrase which can be decoded by a dictionary.

Tip: never use an online (or application) password generator, why?

Because they they could now have your password and ip address possibly.

 

[pgp_protector]

First one is better. Second one is just a passphrase which can be decoded by a dictionary.

Tip: never use an online (or application) password generator, why?

Because they they could now have your password and ip address possibly.

Not true.

1'st one is 14 characters long, one of 255 characters,
2nd one is 14 words long each word being one of 171,476 words

and that's not even counting capitalization.

http://www.mathsisfun.com/combinatorics/combinations-permutations.html

ETA:
To simplify it lets compare 2 Words to 2 ASCII Characters (We'll allow any of the 255 bytes to be used)
1) 2 characters would be a total of 65,536 combinations
2) 2 words (using the 171,476 in the current dictionary) (well with just one word we're already over the 2 characters combination of 65,536 combinations) but it would be 29,404,018,576 combinations with just 2 words.

with 14 words vs characters it's
5.1922968585348276285304963292201e+33 combinations
vs
1.9004078649468748800668695215654e+73 combinations (not counting punctuation & capitalization being used)

 

[pgp_protector]

For more fun with code, using the example phrase and bad password storage (MD5 of pass-phrase only)

1) ThisIsHowWeAreGoingToRememberOurPassowrdOnDec25th2015 becomes -> b99eaec3177677798887daaa801d8b61
2) This is how we are going to remember our password on December 25th 2015 becomes -> 1eb15740a6df91d957ace4ff16859ca3
and
3) JD&hh3)&DF#jSD becomes -> 8ff6dbd288082d39b321490af2bd6f1d

 

[elytron]

What is the best way to choose a random passphrase? The roll of a dice?

 

[pgp_protector]

What is the best way to choose a random passphrase? The roll of a dice?

Roll of the dice can be still hard to remember. (And don't use "Correcthorsebatterystaple" )

But look out your window, then to your left, then on your desk, then in your pocket. Did you see something that you can make a phrase out of that you can remember ?

RosebudCamerawithPhonefor25pince.

 

[EphesiaNZ]

Not true.

1'st one is 14 characters long, one of 255 characters,
2nd one is 14 words long each word being one of 171,476 words

Maths aside, I stand by the following,

Passphrases are theoretically stronger, and so should make a better. First, they usually are (and always should be) much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary, so such dictionary attacks will be almost impossible.

So it's possible the first one could be more secure due to its "randomness". A good passphrase would be of course very secure if it had 30 (or more) random characters, though not very easy to remember. But that's a key rule, if its hard for you to remember then it maybe hard for someone else to guess/crack it too.

 

[pgp_protector]

Maths aside, I stand by the following,



So it's possible the first one could be more secure due to its "randomness". A good passphrase would be of course very secure if it had 30 (or more) random characters, though not very easy to remember. But that's a key rule, if its hard for you to remember then it maybe hard for someone else to guess/crack it too.

Math is how you determine how secure a password can be.

 

[EphesiaNZ]

Math is how you determine how secure a password can be.

And do you always sit there calculating a password/phrase before entering a new one.

Whats more secure,

y%F#m1D8^%9n

or,

11111111111111111111111111111111111111111111111111111111111111111

Mathematically, the longer second one is for sure but, in reality the second one is stupidly simple to crack. Would you pick all 1's?, I doubt it but then again who would pick "password" for a password - exception being Microsoft

The longer the passphrase, the more easy it could be to crack. Human nature makes us want things to be simple. We will want to make it relevant to the purpose for which we are using it maybe. For this site i choose (not really),

IamagoodChristianinthisforum

A dictionary attack with a good algorithm will pick that to pieces in no time.

So, after the Patriots Superbowl victory, I get an account at the Patriots website and my passphrase is,

Tom Brady is the best quarterback

32 characters and mathematically strong. But, randomness in this string is very low and mathematics won't save you from a well organised password cracker. Also substituting numbers for letters (like 0 for o, 3 for e) will just delay it a little.

Well my new Patriots passhrase is,

*#15# uNdur-1nflaytid puMP-k1n$ $ouR l0osEr$ Df33T #20%*

I thinks most of you can read that and this would be much more secure, both mathematically and against an attack. Impossible to guess? - nothings impossible...

Remember, mathematics told the Titanic's engineers that is was unsinkable.

 

[pgp_protector]

And do you always sit there calculating a password/phrase before entering a new one.

Whats more secure,

y%F#m1D8^%9n

or,

11111111111111111111111111111111111111111111111111111111111111111

Mathematically, the longer second one is for sure but, in reality the second one is stupidly simple to crack. Would you pick all 1's?, I doubt it but then again who would pick "password" for a password - exception being Microsoft

The longer the passphrase, the more easy it could be to crack. Human nature makes us want things to be simple. We will want to make it relevant to the purpose for which we are using it maybe. For this site i choose (not really),

IamagoodChristianinthisforum

A dictionary attack with a good algorithm will pick that to pieces in no time.

So, after the Patriots Superbowl victory, I get an account at the Patriots website and my passphrase is,

Tom Brady is the best quarterback

32 characters and mathematically strong. But, randomness in this string is very low and mathematics won't save you from a well organised password cracker. Also substituting numbers for letters (like 0 for o, 3 for e) will just delay it a little.

Well my new Patriots passhrase is,

*#15# uNdur-1nflaytid puMP-k1n$ $ouR l0osEr$ Df33T #20%*

I thinks most of you can read that and this would be much more secure, both mathematically and against an attack. Impossible to guess? - nothings impossible...

Remember, mathematics told the Titanic's engineers that is was unsinkable.

In Reality the longer one is still more secure, the reason is it's not common, so after using the common passwords, you have to brute force it, and the longer password WILL take longer to crack.

(and no Engineers that said the Titanic was unsinkable)

 

[pgp_protector]

FYI Time Calculations from GRC on cracking the two examples you gave
https://www.grc.com/haystack.htm

Password Best Cracking Time
y%F#m1D8^%9n 1.74 centuries

11111111111111111111111111111111111111111111111111111111111111111 3.53 hundred thousand trillion trillion trillion centuries

 

[pgp_protector]

You also get equivalent results (shorter is worse)
https://howsecureismypassword.net/
Password Strength Estimator

Strong vs Long is losing more & more due to Brute force speeds (One of the reasons I hate MS Accounts they Limit your password length)

Cheap GPUs are rendering strong passwords useless | ZDNet

 

[EphesiaNZ]

In Reality the longer one is still more secure, the reason is it's not common, so after using the common passwords, you have to brute force it, and the longer password WILL take longer to crack.

If they were the same length, the second one is still more secure due to obfuscation and randomness - though it could have been a lot more random.

So, going back to,

1) JD&hh3)&DF#jSD
or
2) ThisIsHowWeAreGoingToRememberOurPassowrdOnDec25th2015.

With the right algorithm and dictionary, I would still say the second one is easier, common words, capitalised first letters and a common date format. Im assuming "Passowrd" was a typo but even still that probably wouldn't slow the cracking down a great deal.

The first example while being shorter is random with no visual pattern.

If I get some time I might try just to see

(and no Engineers that said the Titanic was unsinkable)

It was said that the builders and owners of Titanic claimed she was 'unsinkable'. The claim actually made was that she was 'practically unsinkable'

I'm assuming the ships designers/engineers would come under "builders" of the vessel. There were numerous design flaws and mistakes these people made which cost approx. 1500 people their lives.

 

[pgp_protector]

Here's a Zip file for you with a bonus hint
I only used numbers to protect the text
https://dl.dropboxusercontent.com/u/994953/ProtectedDocument.txt.zip

(And you still don't get it, no matter the dictionary, you still have entropy you have to deal with, the 2 characters vs 2 words proved that, now if you care to show your math that I'm wrong I'm listening)

 

[pgp_protector]

If they were the same length, the second one is still more secure due to obfuscation and randomness - though it could have been a lot more random.

So, going back to,

1) JD&hh3)&DF#jSD
or
2) ThisIsHowWeAreGoingToRememberOurPassowrdOnDec25th2015.

With the right algorithm and dictionary, I would still say the second one is easier, common words, capitalised first letters and a common date format. Im assuming "Passowrd" was a typo but even still that probably wouldn't slow the cracking down a great deal.

The first example while being shorter is random with no visual pattern.

If I get some time I might try just to see






I'm assuming the ships designers/engineers would come under "builders" of the vessel. There were numerous design flaws and mistakes these people made which cost approx. 1500 people their lives.

1) GRC 15.67 Thousand Centuries
2) 2.01 hundred billion trillion trillion trillion trillion trillion trillion centuries

This is taking into account Dictionary attacks because Dictionary attacks only work on words not phrases.