John August crowd-sourced a security test on PDF encryption.
For PDF encryption, the consensus seems to be that the latest version of Adobe is pretty effective if you’re using the 128 or 256 bit option and have 8+ random characters. Random, as in not a word in a dictionary.
The post includes some estimates for cracking passwords on PDFs. I'm not familiar enough with the toolkits used by people that actually do this but the numbers are probably relatively accurate.
On a related note, don't miss John August on MPU this week.