How good is PDF password protection?

It appears that Word's password protection is not really good, at least until Office 2003, if I read this SU entry correctly. I'm under the impression that Acrobat's PDF password protection should be better (it says 128-bit AES for Acrobat 7 and higher). Is that true?

Asked by: Guest | Views: 229
Total answers/comments: 4
bert [Entry]

From the Adobe site - Securing documents with passwords:

The Acrobat 3 And Later option uses a low encryption level (40‑bit RC4), while the other options use a high encryption level (128‑bit RC4 or AES). Acrobat 6.0 And Later lets you enable metadata for searching. Acrobat 9.0 And Later encrypts the document using the AES encryption algorithm with a 256-bit key size.

So apparently 7 will use 128-bit AES. I'd say you're very safe, especially with a password like that. The National Institute of Standards and Technology agrees:

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.
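
To check which of the encryption levels in the Adobe quote a given file actually uses, the following reads the `/Encrypt` dictionary from the raw PDF bytes. It is an added example, not part of the original answers and not Adobe's code. The keys `/V`, `/Length` and `/CFM` belong to the PDF standard security handler; the regex scan, the function names, the constructed sample bytes and the "weak" threshold (below 128 bits, the quote's "low encryption level") are assumptions of this example.

```python
import re

def find_encrypt_dict(pdf: bytes):
    """Return the bytes of the /Encrypt dictionary, or None if the file has none."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref:  # usual case: the trailer points at an indirect object
        pat = rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2) + rb"\s+obj\b(.*?)endobj"
        obj = re.search(pat, pdf, re.S)
        return obj.group(1) if obj else b""
    direct = re.search(rb"/Encrypt\s*<<", pdf)  # dictionary written inline
    return pdf[direct.end():direct.end() + 4096] if direct else None

def classify(pdf: bytes) -> dict:
    """Map /V, /Length and /CFM to a cipher name and key size in bits."""
    enc = find_encrypt_dict(pdf)
    if enc is None:
        return {"encrypted": False, "cipher": None, "bits": 0, "weak": False}
    def num(key: bytes, default: int) -> int:
        m = re.search(rb"/" + key + rb"\s+(\d+)", enc)
        return int(m.group(1)) if m else default
    length = num(b"Length", 40)      # the default key length is 40 bits
    if length < 40:                  # assumption: some writers store bytes, not bits
        length *= 8
    cfm = re.search(rb"/CFM\s*/(\w+)", enc)
    cfm = cfm.group(1).decode() if cfm else None
    v = num(b"V", 0)
    if v == 1:                       # "Acrobat 3 And Later": 40-bit RC4
        cipher, bits = "RC4", 40
    elif v == 2:                     # RC4 with a key of /Length bits
        cipher, bits = "RC4", length
    elif v == 4:                     # crypt filters: /V2 is RC4, /AESV2 is AES-128
        cipher, bits = ("AES", 128) if cfm == "AESV2" else ("RC4", length)
    elif v == 5:                     # "Acrobat 9.0 And Later": AES-256
        cipher, bits = "AES", 256
    else:                            # unrecognised handler: flag for manual review
        cipher, bits = "unknown", 0
    return {"encrypted": True, "cipher": cipher, "bits": bits, "weak": bits < 128}

# Constructed samples: only the parts of a PDF this check reads, not complete files.
SAMPLE_RC4_40 = (b"%PDF-1.3\n5 0 obj\n<< /Filter /Standard /V 1 /R 2 /P -64 >>\nendobj\n"
                 b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF")
SAMPLE_AES_128 = (b"%PDF-1.6\n12 0 obj\n<< /Filter /Standard /V 4 /R 4 /Length 128 "
                  b"/CF << /StdCF << /CFM /AESV2 /Length 16 >> >> /StmF /StdCF >>\nendobj\n"
                  b"trailer\n<< /Size 13 /Root 1 0 R /Encrypt 12 0 R >>\n%%EOF")

if __name__ == "__main__":
    for name, data in (("rc4-40", SAMPLE_RC4_40), ("aes-128", SAMPLE_AES_128)):
        print(name, classify(data))
```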
bert [Entry]

Latest crackers can, on machines with the right video cards, use the GPU itself to crack passwords with a brute-force attack at a speed comparable to a super-computer.

If the password wasn't long enough, it will be cracked in a matter of minutes and up to several days.

Conclusion: Only if you use the latest Acrobat version and employ very longggg passwords and no dictionary words, will you be safe enough.

But then, all this will be a wasted effort if your password leaked to the web ...
bert [Entry]

The simple test is to send a PDF file encrypted as V9.0 Acrobat with a password similar to sd8Jf+*e8fh§$fd8sHa, and ask anyone to decrypt it. If after say 10 days no-one has replied with the contents on view then you know your data is safe.

However, remember two problems with passwords.

1. Your recipient will have to know what it is - and may leak it as in the next item.
2. It's amazing how powerful key-loggers are. These read your passwords as you type them and potentially send them anywhere without you knowing. Your keyboard 'buffer' is your enemy in this respect. Even PGP suffers the same vulnerability.

What's the answer? Place your data-files on a server - where you can only gain access via a two part process. E.g. see how PayPal now optionally allows access only via a new security code sent to your mobile. A PC key-logger would find this difficult to defeat unless your mobile is already infected by a key-logger!
bert [Entry]

This should be a comment to satanicpuppy, but the comments are limited to 600 characters. :-(

I support this (satanicpuppy's) as being the most sensible answer.

You are looking at the strength of the password as a measure of how secure something is. In this case, you are - as an example - talking about patient data. So the security you are looking for is meant to secure the content not the algorithm or functionality (printing, saving, copy/paste).

While I agree that it might be superdifficult to print a document that is protected that way, PDF has been - and still is - dead easy to decrypt. That way the content can be descrambled and written into another file, with no restrictions whatsoever.

I am by no means a hacker, but the two Python scripts needed for that were so easy to use, even I managed to "free" my Adobe DRM-Protected ebook I just downloaded yesterday... No kidding.

And of course, you'd have a look at Elcomsoft, because there you can find any crack for virtually anything. PDF and Word at the top of the list.