The standard PDF protection scheme can have two different passwords: a Document Open password and a Permissions password. When a Document Open password (also known as a user password) is set, anyone who tries to open the PDF must type in the password. When a Permissions password (also known as a master or owner password) is set, recipients don't need a password to open the document, but they must type the Permissions password to set or change the restricted features. If the PDF is secured with both types of passwords, it can be opened with either password, but only the Permissions password allows the user to change the restricted features.
Used crypto algorithms were being improved with PDF developing - up to PDF version 1.4 only 40-bit keys have been used, then the 128-bit ones came, and starting from version 1.6, AES encryption is being added. In Acrobat 9, 256-bit AES keys were introduced.
However, PDF security system is implemented so that a file with restrictions may be decrypted instantly, irrespective of the password length, even for 256-bit keys. A document with password for opening, using 40-bit key, can be decrypted on a modern computer in less than a day by using guaranteed decryption. To open a document with 128 or 256-bit key, only PDF brute force software can be used.
