RAR Archiving & Password

Discussion in 'Computer Security' started by on3_person, Oct 7, 2006.

  1. on3_person

    on3_person Guest

    As I start to get back into computers and such, I was thinking of something
    today. How exactly does the password option work in RAR archives? When
    you archive a file (or files) you can see the filenames in plain text if
    you look at the archive in notepad or some such. I'm assuming it just uses
    the password like a key is used in normal encryption of something. Even
    then, how does the encryption know that you've entered the correct
    password/key? If you were given an encrypted statement and told to decrypt
    it, how would you know that you did it correctly unless you had something
    to go by (assuming the statement wasn't plain text)? Does the RAR archive
    have something to look at and say "yes, this is correct"? Or even if we're
    not talking about a RAR archive and something is encrypted using a certain
    key, how does the software know that you've entered the correct decryption
    key?

    Just a thought.

    Thanks in advance for any enlightenment.
    on3_person, Oct 7, 2006
    #1
    1. Advertising

  2. "on3_person" <> skrev i meddelandet
    news:Xns9854CE801C46Cone3personyahoocom@207.115.17.102...
    > As I start to get back into computers and such, I was thinking of

    something
    > today. How exactly does the password option work in RAR archives? When
    > you archive a file (or files) you can see the filenames in plain text if
    > you look at the archive in notepad or some such. I'm assuming it just

    uses
    > the password like a key is used in normal encryption of something. Even
    > then, how does the encryption know that you've entered the correct
    > password/key? If you were given an encrypted statement and told to

    decrypt
    > it, how would you know that you did it correctly unless you had something
    > to go by (assuming the statement wasn't plain text)? Does the RAR archive
    > have something to look at and say "yes, this is correct"? Or even if

    we're
    > not talking about a RAR archive and something is encrypted using a certain
    > key, how does the software know that you've entered the correct decryption
    > key?
    >
    > Just a thought.
    >
    > Thanks in advance for any enlightenment.


    I assume that you had instructed the system to recognize a certain password
    as the correct one so that when this is used, the user can have access to
    the page.


    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/it/svezia.html
    谢谢你, ÑпаÑибо, tack sÃ¥ mycket!
    Luigi Donatello Asero, Oct 7, 2006
    #2
    1. Advertising

  3. on3_person

    on3_person Guest

    "Luigi Donatello Asero" <> wrote in
    news:KVDVg.19305$:

    Correct, say I had used a key of "password". Would the encryption then
    include that "password" somewhere in the archived file (albeit encrypted)
    so that when the user went to decrypt the file, it could look at that point
    within the file and say, "yes, the key is correct"? If so, does the
    encryption use the same internal key to encrypt the user-provided key?
    Again, if so, is the encrypted key kept in the same location each time?

    Thanks again for any feedback!
    on3_person, Oct 7, 2006
    #3
  4. on3_person

    Arthur T. Guest

    In Message-ID:<Xns9854CE801C46Cone3personyahoocom@207.115.17.102>,
    "on3_person" <> wrote:

    >As I start to get back into computers and such, I was thinking of something
    >today. How exactly does the password option work in RAR archives? When
    >you archive a file (or files) you can see the filenames in plain text if
    >you look at the archive in notepad or some such. I'm assuming it just uses
    >the password like a key is used in normal encryption of something. Even
    >then, how does the encryption know that you've entered the correct
    >password/key? If you were given an encrypted statement and told to decrypt
    >it, how would you know that you did it correctly unless you had something
    >to go by (assuming the statement wasn't plain text)? Does the RAR archive
    >have something to look at and say "yes, this is correct"? Or even if we're
    >not talking about a RAR archive and something is encrypted using a certain
    >key, how does the software know that you've entered the correct decryption
    >key?


    Since the people who actually know haven't spoken up, I'll
    reason from analogy. What follows is from my experience with ZIP.

    ZIP computes and stores the CRC of the plaintext. When
    decrypting with a wrong key, the CRCs won't match. Some versions
    of UNZIP will give you the decrypted gibberish and tell you the
    CRC doesn't match; others will tell you the password is wrong (I
    assume based on CRC). In any case, you can see there's no need to
    store the password in the ZIP file, either plain or encrypted.

    Some versions of UNZIP are available in source, so you could
    investigate for yourself. Similarly, I believe, RAR allows anyone
    to create UNRAR programs, so the specs should be out there,
    somewhere.

    Apparently RAR, like ZIP, compresses and encrypts the files
    but not the filenames. Information can leak from filenames, so
    you may want to name your files innocuously.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a good MVS systems programmer position
    Arthur T., Oct 7, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jdruk

    *.rar.txt and *rar files

    jdruk, Oct 11, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    636
    jdruk
    Oct 11, 2004
  2. DaveG

    RAR needs password

    DaveG, Jan 8, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    523
    WormWood
    Jan 8, 2005
  3. George Galletta

    RAR worthless without sender's password?

    George Galletta, Nov 19, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    325
    Plato
    Nov 19, 2005
  4. supply rar password at command line?

    , Mar 18, 2007, in forum: Computer Support
    Replies:
    4
    Views:
    10,723
  5. Mike Easter

    Re: Posting RAR inside ZIP inside RAR

    Mike Easter, Feb 28, 2010, in forum: Computer Support
    Replies:
    0
    Views:
    1,116
    Mike Easter
    Feb 28, 2010
Loading...

Share This Page