Originally Posted by Jim Lester
If there is no user (/U) password the pad string is used in it's entirety. So if you generate the /U value using just the pad string (see algorithms 3.2 and 3.4 in the PDF spec), and it is the same as the /U value in the encrypt dict, then there is no user password.
Note that the algorithms will be slightly different for AES256 encrypted documents (came along with Acrobat 9).
The ineptpdf scripts can also decrypt password protected pdfs - no biggy