PDF Password format

Hi,

My evaluation is going well but I've just had an issue raised
by our compliance people re the format of the pdf
passwords. I've got the length and expire time set fine and
assume that as the passwords are auto generated it's not
likely to repeat them, but can you force upper/lower
character mix and use of special characters as well
(£$%&*@#? etc )?

Thanks

Bruce

> My evaluation is going well but I've just had an issue raised
> by our compliance people re the format of the pdf
> passwords. I've got the length and expire time set fine and
> assume that as the passwords are auto generated it's not
> likely to repeat them, but can you force upper/lower
> character mix and use of special characters as well
> (£$%&*@#? etc )?

The passwords are generated by a secure random generator. The number of
bytes specified for the password length is the number of random bytes
that is generated. From this random bit string a readable password is
created. The conversion from random bit string to string is done with
base32 encoding (Base32 - Wikipedia). The main reason
for using base32 encoding is that it's easier for humans to read the
password:

"The alphabet was selected to avoid similar-looking pairs of different
symbols, so the strings can be efficiently transcribed by hand. (For
example, the symbol set omits the symbols for 1, 8 and zero, since they
could be confused with the letters 'I', 'B', and 'O'.)"

This is important for example when the password will be delivered by SMS.

The downside of base32 is that the character set is limited and the
passwords are therefore longer if you want to have the same strength.

As long as you make sure that the number of bytes used to generate the
password is high enough, the password is strong enough. In other words
"the strength of the password is not determined by how it is displayed
but by how it was generated".

Unfortunately the encoding can currently not be changed. I will add your
request for this on the todo list.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
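
The scheme described in the reply above, as an added Python illustration that is not Djigzo's own code. It assumes the RFC 4648 base32 alphabet (A-Z, 2-7) and the OS CSPRNG via `secrets`; the function names are hypothetical. It shows that the entropy is fixed by the byte count, and how many characters a 94-symbol mixed-case/special-character set would need for the same strength.

```python
import base64
import math
import secrets

# Assumed alphabet: RFC 4648 base32. The product's exact variant is not stated on the page.
BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def generate_password(num_bytes: int) -> str:
    """Draw num_bytes from the OS CSPRNG and render them as base32 text."""
    raw = secrets.token_bytes(num_bytes)
    # '=' padding carries no entropy, so it is dropped from the displayed password.
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def entropy_bits(num_bytes: int) -> int:
    """Entropy comes from the random bytes, not from the encoding."""
    return 8 * num_bytes


def base32_length(num_bytes: int) -> int:
    """Each base32 character carries 5 bits."""
    return math.ceil(8 * num_bytes / 5)


def equivalent_length(num_bytes: int, alphabet_size: int) -> int:
    """Characters needed from a uniformly random alphabet of the given
    size to reach at least the same entropy as num_bytes random bytes."""
    return math.ceil(8 * num_bytes / math.log2(alphabet_size))


if __name__ == "__main__":
    print("bytes  bits  base32 chars  94-symbol chars  sample")
    for n in (8, 16, 32):
        print(f"{n:5d} {entropy_bits(n):5d} {base32_length(n):13d} "
              f"{equivalent_length(n, 94):16d}  {generate_password(n)}")
```
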