RAR Archiving & Password

RAR Archiving & Password
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
RAR Archiving & Password on3_person 10-06-2006
Posted by on3_person on October 6, 2006, 9:18 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
As I start to get back into computers and such, I was thinking of something
today. How exactly does the password option work in RAR archives? When
you archive a file (or files) you can see the filenames in plain text if
you look at the archive in notepad or some such. I'm assuming it just uses
the password like a key is used in normal encryption of something. Even
then, how does the encryption know that you've entered the correct
password/key? If you were given an encrypted statement and told to decrypt
it, how would you know that you did it correctly unless you had something
to go by (assuming the statement wasn't plain text)? Does the RAR archive
have something to look at and say "yes, this is correct"? Or even if we're
not talking about a RAR archive and something is encrypted using a certain
key, how does the software know that you've entered the correct decryption
key?

Just a thought.

Thanks in advance for any enlightenment.

Posted by Luigi Donatello Asero on October 6, 2006, 10:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> As I start to get back into computers and such, I was thinking of
something
> today. How exactly does the password option work in RAR archives? When
> you archive a file (or files) you can see the filenames in plain text if
> you look at the archive in notepad or some such. I'm assuming it just
uses
> the password like a key is used in normal encryption of something. Even
> then, how does the encryption know that you've entered the correct
> password/key? If you were given an encrypted statement and told to
decrypt
> it, how would you know that you did it correctly unless you had something
> to go by (assuming the statement wasn't plain text)? Does the RAR archive
> have something to look at and say "yes, this is correct"? Or even if
we're
> not talking about a RAR archive and something is encrypted using a certain
> key, how does the software know that you've entered the correct decryption
> key?
>
> Just a thought.
>
> Thanks in advance for any enlightenment.

I assume that you had instructed the system to recognize a certain password
as the correct one so that when this is used, the user can have access to
the page.


--
Luigi Donatello Asero
https://www.scaiecat-spa-gigi.com/it/svezia.html
谢谢你, спасибо, tack så mycket!



Posted by on3_person on October 6, 2006, 11:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

Correct, say I had used a key of "password". Would the encryption then
include that "password" somewhere in the archived file (albeit encrypted)
so that when the user went to decrypt the file, it could look at that point
within the file and say, "yes, the key is correct"? If so, does the
encryption use the same internal key to encrypt the user-provided key?
Again, if so, is the encrypted key kept in the same location each time?

Thanks again for any feedback!

Posted by Arthur T. on October 7, 2006, 11:43 am
If you were  Registered and logged in, you could reply and use other advanced thread options

>As I start to get back into computers and such, I was thinking of something
>today. How exactly does the password option work in RAR archives? When
>you archive a file (or files) you can see the filenames in plain text if
>you look at the archive in notepad or some such. I'm assuming it just uses
>the password like a key is used in normal encryption of something. Even
>then, how does the encryption know that you've entered the correct
>password/key? If you were given an encrypted statement and told to decrypt
>it, how would you know that you did it correctly unless you had something
>to go by (assuming the statement wasn't plain text)? Does the RAR archive
>have something to look at and say "yes, this is correct"? Or even if we're
>not talking about a RAR archive and something is encrypted using a certain
>key, how does the software know that you've entered the correct decryption
>key?

Since the people who actually know haven't spoken up, I'll
reason from analogy. What follows is from my experience with ZIP.

ZIP computes and stores the CRC of the plaintext. When
decrypting with a wrong key, the CRCs won't match. Some versions
of UNZIP will give you the decrypted gibberish and tell you the
CRC doesn't match; others will tell you the password is wrong (I
assume based on CRC). In any case, you can see there's no need to
store the password in the ZIP file, either plain or encrypted.

Some versions of UNZIP are available in source, so you could
investigate for yourself. Similarly, I believe, RAR allows anyone
to create UNRAR programs, so the specs should be out there,
somewhere.

Apparently RAR, like ZIP, compresses and encrypts the files
but not the filenames. Information can leak from filenames, so
you may want to name your files innocuously.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a good MVS systems programmer position

Similar ThreadsPosted
How to set a password on a cd/dvd? August 1, 2007, 4:11 am
Password Generator October 7, 2005, 7:24 am
Boot password November 2, 2005, 8:35 pm
SYSTEM PASSWORD November 16, 2005, 8:17 pm
Password Security January 21, 2006, 6:59 pm
Password Decoding November 29, 2006, 5:06 pm
4 FACTOR PASSWORD March 30, 2007, 4:04 pm
Can Any Password be compromised ? July 7, 2007, 4:34 pm
Password cracking and webmail. August 29, 2005, 1:12 am
Innovative password security September 1, 2005, 4:51 am

The site map in XML format XML site map

Contact Us | Privacy Policy