PDF
PDF Password Toolspdfpassword.net
Complete Guide

How to Remove a PDF Password

Three proven methods to unlock password-protected PDF files — from free browser tools to professional recovery services. Learn which method works for your specific encryption type.

Don't know your encryption type?

Use our PDF Encryption Analyzer first — it reads your file locally (nothing uploaded) and tells you exactly which method to use.

Step 1: Understand Your PDF's Encryption

Before attempting recovery, you need to know what you're dealing with. PDF encryption has evolved significantly, and the method that works for a 2001-era PDF will completely fail on a 2020 PDF — and vice versa.

PDF files store encryption metadata in a structure called the /Encrypt dictionary. The most important field is /R (Revision), which tells you exactly how the password was hashed and what key length was used.

Revision (/R)EncryptionKey LengthSuccess Rate
R=2 or R=3RC440-bit100% guaranteed
R=4RC4-128128-bit~50%
R=4 (AES)AES-128128-bit~40%
R=5AES-256256-bit~15%
R=6AES-256 v2256-bit<10%

40-bit PDFs (R=2/3) are special: The 40-bit RC4 cipher used in early Acrobat versions is mathematically broken. Recovery is not probabilistic — it's deterministic. Every single 40-bit PDF can be recovered, guaranteed, regardless of password complexity.

Method 1: Free Online Tools

Free online PDF unlockers are the first thing most people try. They're convenient but come with significant limitations — and serious privacy concerns you need to understand before uploading confidential documents.

How they work

Most free online tools use one of two approaches: (1) they attempt to remove the owner/permissions password (always works, no recovery needed) or (2) they run a basic dictionary attack against the user/open password. Option 1 is instant. Option 2 only works if your password is in their database.

Popular free tools

SmallpdfBest for: Owner password removal

Easy UI, removes permissions instantly, weak on encrypted PDFs

IlovePDFBest for: Owner password removal

Similar to Smallpdf, free tier with file size limits

PDF2GoBest for: Simple passwords

Decent basic recovery, stores files on EU servers

Google Chrome (Print to PDF)Best for: Removing permissions after opening

Built-in, works if you can open the file but want unrestricted copy

Privacy warning

Free online tools require you to upload your PDF to their servers. For confidential documents (contracts, financial records, medical files), this is a significant risk. The file may be stored, analyzed, or retained even after "deletion." Always check the privacy policy before uploading sensitive documents.

Limitations of free tools

  • Only check passwords against small dictionaries (typically under 10 million entries)
  • Cannot crack strong or unique passwords (random strings, long passphrases)
  • File size limits (usually 10–50MB on free tier)
  • Require internet connection and file upload
  • Zero success rate against AES-256 encryption
  • Often don't tell you why recovery failed

Method 2: Desktop Recovery Software

Desktop software gives you more control, keeps your file local (better privacy), and can leverage your computer's full processing power. The downside is cost and setup time.

Top desktop tools

HashcatFree (open source)

Most powerful, GPU-accelerated, supports all attack types

Command-line only, steep learning curve, requires GPU for best performance

John the RipperFree (open source)

Wide format support, good auto-detection

Slower than hashcat for GPU attacks

Passware Kit$49–$995

GUI, live memory analysis, broad format support

Expensive, overkill for single PDF

PDF Password Recovery (Elcomsoft)$49–$99

Easy GUI, GPU acceleration, specifically for PDF

Windows only, expensive

Using Hashcat for PDF recovery (advanced)

If you're comfortable with the command line, hashcat is the most powerful free option. Here's the basic workflow:

# Step 1: Extract the hash from your PDF

pdf2john.py protected.pdf > hash.txt

# Step 2: Run dictionary attack

hashcat -m 10500 hash.txt rockyou.txt

# For 40-bit PDFs (guaranteed recovery)

hashcat -m 10400 hash.txt --bruteforce-attack

Note: Mode numbers — 10400 = PDF 1.1-1.3 (40-bit RC4), 10500 = PDF 1.4-1.6 (128-bit RC4/AES), 10600 = PDF 1.7 Level 3, 10700 = PDF 1.7 Level 8

Method 3: Professional Recovery Service

When free tools fail and you don't have the technical skill or hardware for desktop software, professional recovery services are the practical option. They run GPU farms with billions of password candidates — dramatically better than anything a personal computer can achieve.

The key advantage is scale. A mid-range gaming GPU can test around 1 billion passwords per second against a PDF hash. A professional service with 10–20 high-end GPUs can test 10–20 billion per second, making recovery of moderate passwords (short phrases, names with numbers) feasible within hours.

Can't Open Your PDF?

Free PDF password check with paid release only after proof. One clear $34.99 price if recovery works.

✓ No password needed✓ Original file unchanged✓ 24–48hr turnaround✓ Secure upload
Analyze My PDF

When to use a professional service

  • You've already tried free tools and they failed
  • The PDF is important enough to be worth paying for
  • You don't want to spend days learning hashcat
  • Your PDF has AES-128 encryption and the password might be a real word or phrase
  • You need the file recovered within 24–48 hours

Removing Owner / Permissions Password

If your PDF opens fine but you can't print, copy text, or edit it, you have an owner password (also called a permissions password or restrictions password). This is completely different from an open password.

Owner passwords are technically trivial to remove. The PDF specification allows the file to be "restricted" by the owner password, but the actual content is not encrypted with it — it's encrypted with a standard key derived from the user (open) password. Removing owner restrictions requires no cracking at all.

3 ways to remove permissions restrictions

1. Print to PDF (built into every OS)

Open the PDF, go to Print → select "Microsoft Print to PDF" (Windows) or "Save as PDF" (Mac). The resulting file has no restrictions. Works 100% of the time for owner-only protection.

2. Free online tools

Any of the tools mentioned above (Smallpdf, IlovePDF) will strip owner passwords instantly. No cracking required — they simply re-save without the restrictions flag.

3. QPDF (command line, free)

qpdf --decrypt input.pdf output.pdf

Works for owner-only restricted PDFs. Will prompt for user password if the file also requires one to open.

Success Rates by Encryption Type

Success rates vary dramatically based on encryption strength AND password characteristics. Here's a realistic breakdown based on real-world recovery data:

40-bit RC4 (R=2, R=3) — 100% Success

  • The 40-bit key space is finite and exhaustible — every possible key can be tested
  • Time ranges from minutes (GPU) to hours (CPU-only)
  • Password complexity is irrelevant — the key, not the password, is the target
  • This is the only encryption type where success is truly guaranteed

AES-128 (R=4) — ~40–60% Success

  • Common passwords (dictionary words, names, dates): high chance of recovery
  • Complex passwords (random characters, long): low chance
  • GPU-accelerated attacks test ~1 billion candidates per second
  • 24–48 hour dictionary attack covers most human-created passwords

AES-256 (R=5, R=6) — ~10–20% Success

  • Strongest modern encryption, used in Acrobat X and later
  • Only dictionary/pattern attacks have any realistic chance
  • Long random passwords: essentially impossible to crack
  • Short common passwords: still recoverable with large enough dictionary

Frequently Asked Questions

Can I remove a PDF password without knowing it?
Yes — if your PDF uses older 40-bit RC4 encryption (Revision 2, common in PDFs created before 2001), recovery is mathematically guaranteed. For newer AES-128 or AES-256 encryption, recovery is possible through dictionary attacks if the password was human-created, but not guaranteed.
Is it legal to remove a PDF password?
Yes — if it's your own document or you have permission from the owner. Removing password protection from PDFs you legitimately own is legal. It becomes illegal if you're trying to access someone else's protected content without authorization.
How long does PDF password recovery take?
It depends on the encryption type. 40-bit RC4 (R=2): minutes to hours, guaranteed success. AES-128 (R=4): hours to days depending on password complexity. AES-256 (R=5/6): days to weeks, success depends on password strength. If the password was a common word or short phrase, recovery is typically much faster.
What's the difference between owner password and user password?
A user password (also called open password) locks the file completely — you need it just to open the PDF. An owner password (permissions password) allows opening but restricts actions like printing or copying. Owner passwords are much easier to remove and many free tools can strip them without any recovery needed.
Why does my PDF open but I can't print or copy from it?
This is an owner password (permissions restriction), not an open password. The PDF content is accessible but certain actions are locked. These restrictions can be removed with any PDF editor that supports permissions removal, or by printing to a PDF printer (like Microsoft Print to PDF), which creates an unrestricted copy.