RAR Archiving & Password

Discussion in 'Computer Security' started by on3_person, Oct 7, 2006.

  1. on3_person

    on3_person Guest

    As I start to get back into computers and such, I was thinking of something
    today. How exactly does the password option work in RAR archives? When
    you archive a file (or files) you can see the filenames in plain text if
    you look at the archive in notepad or some such. I'm assuming it just uses
    the password like a key is used in normal encryption of something. Even
    then, how does the encryption know that you've entered the correct
    password/key? If you were given an encrypted statement and told to decrypt
    it, how would you know that you did it correctly unless you had something
    to go by (assuming the statement wasn't plain text)? Does the RAR archive
    have something to look at and say "yes, this is correct"? Or even if we're
    not talking about a RAR archive and something is encrypted using a certain
    key, how does the software know that you've entered the correct decryption

    Just a thought.

    Thanks in advance for any enlightenment.
    on3_person, Oct 7, 2006

  2. I assume that you had instructed the system to recognize a certain password
    as the correct one so that when this is used, the user can have access to
    the page.
    Luigi Donatello Asero, Oct 7, 2006

  3. on3_person

    on3_person Guest

    Correct, say I had used a key of "password". Would the encryption then
    include that "password" somewhere in the archived file (albeit encrypted)
    so that when the user went to decrypt the file, it could look at that point
    within the file and say, "yes, the key is correct"? If so, does the
    encryption use the same internal key to encrypt the user-provided key?
    Again, if so, is the encrypted key kept in the same location each time?

    Thanks again for any feedback!
    on3_person, Oct 7, 2006
  4. on3_person

    Arthur T. Guest

    Since the people who actually know haven't spoken up, I'll
    reason from analogy. What follows is from my experience with ZIP.

    ZIP computes and stores the CRC of the plaintext. When
    decrypting with a wrong key, the CRCs won't match. Some versions
    of UNZIP will give you the decrypted gibberish and tell you the
    CRC doesn't match; others will tell you the password is wrong (I
    assume based on CRC). In any case, you can see there's no need to
    store the password in the ZIP file, either plain or encrypted.

    Some versions of UNZIP are available in source, so you could
    investigate for yourself. Similarly, I believe, RAR allows anyone
    to create UNRAR programs, so the specs should be out there,

    Apparently RAR, like ZIP, compresses and encrypts the files
    but not the filenames. Information can leak from filenames, so
    you may want to name your files innocuously.
    Arthur T., Oct 7, 2006
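
The check described in the post above (store the CRC of the plaintext, compare after decrypting), as an added example that is not part of the original thread and is not code from ZIP or RAR. The cipher is a stand-in (SHA-256 in counter mode), and the entry layout, function names and sample data are constructed for illustration.

```python
import hashlib
import zlib

def keystream(password: str, length: int) -> bytes:
    """Stand-in stream cipher (assumption: NOT ZIP's or RAR's real algorithm).
    SHA-256 in counter mode, keyed by the password."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(password.encode() + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(out[:length])

def encrypt_entry(name: str, plaintext: bytes, password: str) -> dict:
    """Build a toy archive entry: clear filename, CRC of plaintext, ciphertext."""
    ks = keystream(password, len(plaintext))
    return {
        "name": name,                    # stored in the clear, as the thread notes
        "crc32": zlib.crc32(plaintext),  # check value; the password itself is never stored
        "data": bytes(p ^ k for p, k in zip(plaintext, ks)),
    }

def decrypt_entry(entry: dict, password: str):
    """Decrypt with the supplied password and return (candidate_plaintext, crc_ok)."""
    ks = keystream(password, len(entry["data"]))
    candidate = bytes(c ^ k for c, k in zip(entry["data"], ks))
    # A wrong password yields gibberish whose CRC will not match the stored one.
    return candidate, zlib.crc32(candidate) == entry["crc32"]

if __name__ == "__main__":
    # Constructed sample input.
    entry = encrypt_entry("notes.txt", b"constructed sample plaintext", "password")
    for supplied in ("password", "Password"):
        text, ok = decrypt_entry(entry, supplied)
        status = "CRC matches" if ok else "CRC mismatch (wrong password or corrupt data)"
        print(f"{supplied!r}: {status}")
```

A CRC mismatch cannot distinguish a wrong password from a damaged archive, and a 32-bit check value can match by chance for a wrong password roughly once in 2^32 attempts.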
