PDF Password Length vs Crack Time — Complete Analysis

The exponential math behind password length

The candidate password space for a brute-force attack on a PDF password is charset_size^length. For lowercase (26): 26^6 = 308 million, 26^8 = 208 billion, 26^10 = 141 trillion. For mixed-case alphanumeric+symbols (95 printable ASCII): 95^6 = 735 billion, 95^8 = 6.6 quadrillion, 95^10 = 59.9 quintillion.

This exponential growth means that increasing password length by even one character dramatically increases the crack time. A 6-character mixed-case password may crack in hours; an 8-character mixed-case password may take centuries — the same two-character increase multiplies the search space by 95^2 = 9,025x.

In practice, password recovery uses three strategies that avoid searching the full brute-force space: dictionary attacks (testing real words and patterns), rule-based mutation (adding digits, capitalizing, substituting), and mask attacks (constraining character positions by type). These reduce effective search space by orders of magnitude for human-chosen passwords.

Mode 10400 (40-bit RC4) — guaranteed regardless of password

Mode 10400 (40-bit RC4, PDF 1.1-1.3) does NOT depend on password length. The encryption key is 40 bits, derived from the password through a padding function that always produces exactly 40 bits. The attack is a key-space search (2^40 keys), not a password search.

On RTX 5090: mode 10400 key-space exhaustive search completes in approximately 60-90 minutes regardless of the password content. This is a mathematical guarantee — every possible 40-bit key is tested.

Password length is irrelevant for mode 10400 recovery. The password could be 'a' or a 100-character random string — the key-space search time is the same. Mode 10400 is the only PDF encryption tier where recovery is truly guaranteed.

Mode 10500-10600 (RC4 128-bit / AES-128) crack times

Mode 10500 (128-bit RC4) on RTX 5090: approximately 9,800,000 H/s. Password search, not key search. At this speed, a dictionary+rule attack exhausts a 10M-word list with 50 rules in ~51 seconds for all 500M candidates.

Mode 10600 (AES-128) on RTX 5090: approximately 75,000 H/s. The AES-128 key setup and CBC decryption per candidate is slower than RC4.

Brute-force mask attack times for mode 10600 (75K H/s) by length and charset:

6-char lowercase (26^6 = 308M): 308M / 75K = 4,107 seconds = 68 minutes. Very feasible.

8-char lowercase (26^8 = 208B): 208B / 75K = 2.77M seconds = 32 days. Feasible on a multi-GPU cluster.

8-char alphanumeric (36^8 = 2.82T): 2.82T / 75K = 37.6M seconds = 435 days. Infeasible on any reasonable GPU cluster.

10-char lowercase (26^10 = 141T): 141T / 75K = 1.88B seconds = 59.6 years. Not feasible.

Mode 10700 (AES-256) crack times — the modern standard

Mode 10700 (AES-256, SHA-256 KDF) on RTX 5090: approximately 38,000 H/s (50-round KDF) to 28,000 H/s (100-round KDF, PDF 2.0). This is the slowest per-candidate rate of all PDF encryption modes.

Dictionary+rule attack (10M words, 50 rules, 500M candidates) at 38K H/s: 500M / 38K = 13,158 seconds = 3.7 hours. Highly practical for human-chosen passwords.

Brute-force mask attack times for mode 10700 (38K H/s) by length and charset:

6-char lowercase (308M): 308M / 38K = 8,105 seconds = 2.25 hours. Feasible.

7-char lowercase (8B): 8B / 38K = 210,526 seconds = 2.4 days. Feasible.

8-char lowercase (208B): 208B / 38K = 5.47M seconds = 63 days. Borderline — feasible on a large cluster.

8-char alphanumeric (2.82T): 2.82T / 38K = 74.2M seconds = 2.4 years. Not feasible.

10-char lowercase (141T): 141T / 38K = 3.71B seconds = 117 years. Completely infeasible.

Multi-GPU cluster scaling effects

The crack times above are for a single RTX 5090. A professional recovery service with 8 GPUs reduces all times by approximately 7.5x (accounting for 8-GPU scaling overhead).

With 8 × RTX 5090 on mode 10700: 8-char lowercase drops from 63 days to 8.4 days. 8-char alphanumeric drops from 2.4 years to 117 days. Still infeasible for strong random passwords.

With 32-GPU cluster (four 8-GPU systems): 304,000 H/s on mode 10700. 8-char lowercase drops to 7.9 days. 8-char alphanumeric drops to 109 days — still costly but potentially worth it for high-value documents.

The practical ceiling: a 10-character random password (any charset) is infeasible on any realistic GPU cluster within a year. This is the boundary between recoverable and unrecoverable for mode 10700 PDFs.

Dictionary and rule effectiveness

Brute-force times are worst-case. In practice, most forgotten PDF passwords are NOT random. They are human-chosen: dictionary words, names, dates, patterns, keyboard walks. A good dictionary+rule attack finds 60-85% of human-chosen passwords within hours, regardless of length.

Human passwords follow predictable patterns: lowercase base word + digit(s) + optional symbol. RockYou wordlist + Best64 rules captures the majority of these patterns. The probability of success depends on whether the password follows common patterns, not just its length.

A 14-character password may crack in minutes if it's 'iloveyou1234' (a known pattern in the wordlist + suffix rule). An 8-character random string 'kX9#mP2q' would take centuries even though it's 6 characters shorter. This is the key insight: pattern matters more than length when dictionary attacks are applied.

Practical advice for password strength

For documents you want to be recoverable if forgotten: use an 8-9 character password with mixed-case letters and digits (no symbols). This provides reasonable security while keeping recovery feasible on a professional GPU cluster within 1-4 weeks.

For documents that must NOT be recoverable if forgotten: use a 12+ character random password from a password manager. This is unrecoverable even with maximum GPU resources. If you forget it, the document is permanently lost. This is the appropriate level for truly sensitive documents.

For legacy 40-bit RC4 PDFs (mode 10400): password length and complexity are irrelevant. These documents are always recoverable. If you have sensitive content in mode 10440 PDFs, the encryption provides no meaningful protection against a determined attacker.

Estimating your PDF's crack time

1. 1

   Identify the encryption mode

   Use qpdf --show-encryption or our browser-based PDF encryption info tool to get the V/R/Length/CFM values.

2. 2

   Determine per-GPU hashcat speed

   Mode 10400: 1.1B H/s (key search). Mode 10500: 9.8M H/s. Mode 10600: 75K H/s. Mode 10700: 38K H/s (all on RTX 5090).

3. 3

   Estimate password characteristics

   What do you remember about the password? Length range, character types, themes. This determines the search strategy.

4. 4

   Calculate candidate space

   charset_size^length for brute-force, or dictionary_size × rules for dict+rule. Apply to per-GPU speed.

5. 5

   Factor in cluster size

   Divide time by number of GPUs × 0.94 scaling factor. If the result is under 90 days, recovery is feasible.

Frequently Asked Questions

Related Reading