Reference timeline

PDF Encryption History — 1993 to 2026

TL;DR — PDF password protection has gone through five distinct generations across 30 years: 40-bit RC4 (Acrobat 2-5), 128-bit RC4 (Acrobat 5-7), AES-128 (Acrobat 7-9), strengthened AES-128 (Acrobat 9), and AES-256 (Acrobat X+). Each generation maps to a Hashcat mode (10400, 10500, 10600, 10700) with substantially different recovery characteristics. Files from each era still exist in the wild in 2026 — government archives, legal exports, banking statements, and corporate document management systems retain the original encryption indefinitely.

Phase 0 — PDF 1.0 (1993): No password protection

When Adobe released Acrobat 1.0 in June 1993, the PDF format had no native password protection. Distribution control was a stretch goal — security was added in PDF 1.1, which shipped with Acrobat 2.0 in 1994.

Files from this earliest era cannot be password-protected by definition. If you have a PDF marked %PDF-1.0 with an encrypt dictionary, the file has been re-saved through a later Acrobat version that added the encryption while preserving the version metadata — investigate the actual encrypt dictionary, not the version line.

Phase 1 — PDF 1.1-1.3 / 40-bit RC4 (1996-2001)

PDF 1.1 (Acrobat 2.0, 1994) added the Standard Security Handler with V=1, R=2, 40-bit RC4. The 40-bit key length was a US export-control compromise — strong cryptography (anything above 40 bits) required an export licence, so commercial software shipped with the weakened variant globally.

PDF 1.2 (Acrobat 3.0, 1996) and PDF 1.3 (Acrobat 4.0, 1999) kept the same security model unchanged. This phase produced billions of documents during the late-1990s and early-2000s — many still circulate today as government archives and tax records.

These files map to Hashcat mode 10400. Because 40 bits = 2^40 ≈ 1.1 trillion keys, this entire generation is exhaustively searchable on modern hardware. Recovery is effectively guaranteed for legitimate owners — duration is the only variable.

Phase 2 — PDF 1.4-1.6 / 128-bit RC4 (2001-2008)

PDF 1.4 (Acrobat 5.0, 2001) added V=2, R=3 with configurable 40-128 bit key length. The US lifted strong-encryption export restrictions in early 2000, so 128-bit became the default almost immediately. RC4 stayed; only the key length changed.

PDF 1.5 (Acrobat 6, 2003) and PDF 1.6 (Acrobat 7, 2005) used the same scheme. By 2003, 128-bit RC4 was the dominant configuration for password-protected PDFs in business use — bank statements, government documents, legal disclosure files all sat in this category.

These files map to Hashcat mode 10500. Recovery becomes fundamentally a password-strength problem rather than a cipher problem: 128 bits is beyond brute-force, so success depends entirely on what the original password was. Short, predictable, dictionary-based passwords are recoverable; high-entropy random passwords are not.

Phase 3 — PDF 1.6 / AES-128 V=4 R=4 (2005-2008)

PDF 1.6 (Acrobat 7, 2005) introduced AES-128 as an option through V=4, R=4 with the new crypt filter (CF) sub-dictionary. AES became the default in Acrobat 8 (2006). The KDF (key-derivation function) remained the legacy MD5-based design from previous revisions — this is the weakness that distinguishes mode 10600 from later modes.

These files appear most often in the 2005-2010 window: enterprise document management exports, mid-sized law firm work product, contract management systems. Federal agencies that procured Acrobat 8 typically produced this format until Adobe's next major upgrade cycle.

Mode 10600. Same password-strength dependency as mode 10500, but with a sound cipher (AES instead of RC4). The KDF remains MD5×50, so per-second password verification rates remain high.

Phase 4 — PDF 1.7 ext 3 / strengthened AES-128 (2008-2010)

Adobe Extension Level 3 to PDF 1.7 (Acrobat 9, 2008) tightened the AES-128 implementation but kept V=4/R=4 unchanged. The improvement was on the validation logic, closing edge cases that had emerged in independent security research.

From a recovery perspective, this phase is identical to phase 3 — same Hashcat mode 10600, same KDF, same cipher. The user-facing difference is a 'high security' marketing label.

Mode 10600.

Phase 5 — PDF 1.7 ext 8 / AES-256 (2010-present)

Adobe Extension Level 8 (Acrobat X, 2010) introduced V=5, R=6 with AES-256 and a brand-new SHA-256-based KDF. This is the modern strong tier — both the cipher and the KDF are substantially stronger than previous generations.

The KDF is the bigger practical upgrade for security purposes: where mode 10600 verifies a candidate password in microseconds on a GPU, mode 10700 takes 50-100x longer per candidate. This directly throttles password-search throughput.

Mode 10700. From 2018 onwards, Adobe products default to this tier for new password-protected documents. Most newly-encrypted files in 2026 fall into this category. Recovery is still possible for short or predictable passwords, but the wall-clock cost is meaningfully higher than older modes.

What this means for files you find in 2026

All five generations coexist in archives today. Government documents from the 2000s are still mode 10400 or 10500 because they've never been re-encrypted. Modern Acrobat exports default to mode 10700.

When you have a password-protected PDF, the right first step is to identify which generation it belongs to — this single piece of information predicts feasibility better than any other factor. Tools like qpdf --show-encryption, pdfinfo, or any browser-based PDF analyser will print V, R, and Length without requiring the password.

From there, you know whether the file is in the 'guaranteed recoverable' (10400), 'depends on password strength' (10500/10600), or 'realistic only for short/predictable passwords' (10700) category. Plan accordingly.

Frequently Asked Questions

Why does PDF still allow weak encryption modes?

Backward compatibility. Older Adobe Reader versions and third-party PDF readers can't decrypt newer revisions, so Adobe retains every legacy mode. The default for new documents in modern Acrobat is AES-256, but old modes are still creatable through advanced security settings.

Can a PDF be encrypted by something other than the Standard Security Handler?

Yes — Adobe also defines the 'Public Key Security Handler' (PKSH) for certificate-based encryption, used in DRM workflows. PKSH-encrypted PDFs are not in the Hashcat 10400-10700 range; they're a different recovery category that involves the certificate chain, not a password.

Why does the PDF version line not tell me the encryption mode?

The version line (`%PDF-1.7`) describes the format spec, not the security handler. A PDF 1.7 file could use V=2/R=3 (mode 10500), V=4/R=4 (mode 10600), or V=5/R=6 (mode 10700). The encrypt dictionary is the authoritative source.

Are there encryption modes outside 10400-10700 in the wild?

Hashcat also has mode 25400 for PDF with owner password but without encrypted body — a less common configuration. Adobe also has experimental future-proof revisions (V=6 has been discussed) but they're not in widespread use.

How can I bulk-classify a folder of PDFs by encryption mode?

Scripted: use pikepdf (Python) or pdfcpu (Go) to read each file's encrypt dictionary, extract V/R/Length, and classify. The classification is deterministic and runs at hundreds of files per second on commodity hardware.

Why do tax authorities still issue mode 10400 PDFs?

Procurement cycles and document templates don't update at the same speed as Acrobat versions. Many tax-system PDFs in 2026 use templates set up in the early 2000s with the 40-bit security handler still configured. From a confidentiality standpoint this is suboptimal, but from a recovery standpoint it means owners can always retrieve their documents.

Related references

m10400Weakest PDF revision m10500Password complexity matters m10600Modern AES-128 m10700Strongest PDF tier

Have a file in this category?

Start with a free analysis. The encryption type is detected in your browser, then a free check runs through fast techniques before any paid attempt. You only pay if a recovery actually works.

Run a free PDF analysis