For the RAR and WinRAR END USER LICENSE AGREEMENT (EULA) click here

WinRAR uses 128/256 AES Encryption Technology
 

Vincent Rijmen and Joan Daemen developed the Advanced Encryption Standard (AES) encryption algorithm, also known as the Rijndael cipher. In 2001 the U.S. National Institute of Standards and Technology adopted AES as the industry standard for secure data encryption. This method is used worldwide in both hardware and software.

AES Encryption provides a higher security than methods like DES (Data Encryption Standard), which was the standard encryption algorithm for many years and was widely used by both government institutions and banks.

However, previous algorithms were not safe enough, because they did not efficiently prevent hackers from deciphering the code by replacing one byte and looking for the changes this made to the message. This was one of the main reasons for developing a new encryption standard, as these 'brute force' attacks were relatively successful in cracking previous encryption algorithms.

Modern AES encryption uses 128- or 256-bit keys. The more bits the key has, the more possible key combinations there are, and therefore the harder the code is to crack.

AES-128 bit: 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations

AES-256 bit: 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible key combinations

WinRAR has changed its encryption standard from AES-128 to AES-256 with its "RAR 5.0" format. We therefore highly recommend using the RAR 5.0 format in order to benefit from the stronger AES encryption.

However, AES-128 is strong as well, and it is used by governments and military installations alike to encrypt classified information.

Besides governmental institutions and organizations, WinRAR is used by the World Bank, the United Nations and many other non-profit organizations.

The WinRAR Encryption Algorithm improved with RAR 5.0

  • The password-based key derivation function, the core of the WinRAR security mechanism, is now based on PBKDF2 using HMAC-SHA256.
  • A special password verification value allows detecting most wrong passwords without having to unpack the entire file.
  • If archive headers are not encrypted (the "encrypt file names" option is disabled), file checksums for encrypted RAR 5.0 files are modified using a special password-dependent algorithm to prevent third parties from guessing file contents based on checksums.

How does WinRAR check a password?
 

Up to the RAR 4.x format, WinRAR does not check a password at all. It passes the password through the hash function to derive a 128/256-bit AES encryption key and then uses this key to decrypt the file data. The new RAR 5.x format detects wrong passwords even before starting extraction and does not extract garbage. RAR 5.x stores a special password hash generated by a one-way hash function, so knowledge of this hash does not reveal the password or the encryption key. When a password is entered, RAR compares its hash to the stored hash and, if they do not match, rejects the wrong password early. This one-way hash function is intentionally slow and based on PBKDF2, so it does not noticeably increase the performance of a brute force attack.
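The mechanism described in the RAR 5.0 bullets and in the answer above (a slow PBKDF2-HMAC-SHA256 derivation whose output yields both the AES key and a short stored verification value, so a wrong password is rejected before any data is decrypted) as an added Python illustration. This is not WinRAR's code and does not reproduce the RAR 5.0 header layout; the salt size, iteration count, the 32+8 byte split of the PBKDF2 output and the header dictionary are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

# Illustrative parameters (assumptions, not the RAR 5.0 specification).
ITERATIONS = 2 ** 15   # deliberately slow: every password guess pays this cost
KEY_LEN = 32           # 256-bit AES key
CHECK_LEN = 8          # short verifier stored next to the encrypted data


def derive(password: str, salt: bytes, iterations: int = ITERATIONS):
    """Return (aes_key, check_value) from a password via PBKDF2-HMAC-SHA256.

    One derivation yields both values: the first 32 bytes become the AES key,
    the next 8 bytes are stored as the verification value. PBKDF2 is one-way
    and the verifier is far too short to recover the key, so knowing the stored
    check value reveals neither the password nor the key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_LEN + CHECK_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def make_header(password: str, iterations: int = ITERATIONS) -> dict:
    """Constructed stand-in for an archive encryption header: it carries the
    salt, the iteration count and the check value, never the key or password."""
    salt = os.urandom(16)
    _key, check = derive(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(header: dict, password: str):
    """Early password check: derive once, compare the verifier in constant time
    and hand back the AES key only on a match. A wrong password is rejected here
    instead of silently decrypting to garbage."""
    key, check = derive(password, header["salt"], header["iterations"])
    if not hmac.compare_digest(check, header["check"]):
        return None
    return key


if __name__ == "__main__":
    hdr = make_header("correct horse")
    t0 = time.perf_counter()
    assert unlock(hdr, "correct horse") is not None
    assert unlock(hdr, "correct horsf") is None
    per_guess = (time.perf_counter() - t0) / 2
    print(f"one guess costs a full PBKDF2 run: ~{per_guess:.3f}s")
```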

What happens if the password is incorrect?
 

In case you have entered a wrong password, WinRAR will notify you about the wrong password. (screenshot of RAR 5.x wrong password)

What is the “Encrypt file names” Option?
 

If you enable the "Encrypt file names" option, WinRAR encrypts not only the file data but also all other sensitive archive areas such as file names, sizes, attributes, comments and other blocks. This provides a higher security level. If you want to prevent third parties from drawing conclusions about you or the content from this metadata, enable this option. Without the password it is impossible to view even the list of files in an archive encrypted with this option.

 

How important is the length of the password?
 

The length is crucial. However, do not use dictionary words, combinations of words, or birth dates. Even though such passwords might be long, that does not make them very safe.

The time cost of a password exhaustive search attack in WinRAR

Character set       Password length   Time cost of attack (WinRAR)
(0-9)               6                 3.9s
(0-9, a-z)          6                 5.8h
(0-9, a-z, A-Z)     6                 152d
(0-9, a-z, A-Z)     7                 26.6y
(0-9, a-z, A-Z)     8                 1610.1y

More information about exhaustive password search attacks and the security of key derivation functions by Jie Chen, Jun Zhou, Kun Pan, Shuqiang Lin, Cuicui Zhao, Xiaochao Li can be found in "Journal of Computers, Vol. 8, No. 9, September 2013 – The Security of Key Derivation Functions in WinRAR."

WinRAR recommends a password of at least 8 characters for usual data and at least 12 characters for highly sensitive data. Please note that the maximum length of a RAR file encryption password is 127 characters. Longer passwords are truncated to this length.

What is a good password?
 

A good password consists of a combination of letters, numbers, and special characters. It should have a minimum length of 8 characters. A combination of letters, numbers, and special characters is harder to guess since there are 30,000 times as many possible combinations in comparison to an eight-character password that has only lower case letters.

Since random alphanumeric passwords are hard to remember, abbreviate a sentence and turn it into a password: take the words of the sentence and form the password from them.

Here are some examples by Bruce Schneier, security expert and CTO at Resilient: https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html

Before we gave the examples, these passwords were secure:

WIw12,mbtmotr... = When I was twelve, my brother threw me off the roof..

Puh...thatiaus::ebay.ccoomm = Puh, that is an ugly sweater.

Ou@time-twtlg~! = Once upon a time there were three little girls.

bWGTE,TPw5:bwgte,tpwweresecure = Before we gave the examples these passwords were secure.

Combine a memorable sentence from personal memories and make that sentence into a password that is at least 8 characters long.

Is it true that cryptographic keys can be found in virtual memory?
 

This is a common issue with most software. But since the release of WinRAR 4.20 we take special measures to minimize the intermediate storage of plain text passwords in virtual memory. Unlike plain text passwords, encryption keys are indeed present in virtual memory during extraction, but they are wiped once the extraction is done. To achieve this we use a special Windows API function to encrypt plain text passwords and AES keys in memory, namely CryptProtectMemory by Microsoft.

https://msdn.microsoft.com/de-de/library/windows/desktop/aa380262(v=vs.85).aspx

Malicious persons need full access to a user's computer to make a dump of the WinRAR process memory and then extract keys from this dump. If somebody can make memory dumps of a user's computer at any time and copy such dumps, the user already has a major security leak.

Please be aware that the feature and scenario described above are only valid for Microsoft platforms.

Does WinRAR leave artifacts in temp folders that show changes to the archive and files that the user viewed through WinRAR?
 

Yes. If a user views archived files in other apps, WinRAR unpacks them to the temp folder to pass them to those apps. This is required if we wish to pass data to another app.

WinRAR deletes such temp files on subsequent runs once they are at least 1 hour old. WinRAR cannot delete them immediately, because the external app may still need them. If a user does not want WinRAR to unpack files to the temp folder, he should not open archived files in external apps while browsing an archive. He can unpack files to a folder manually, process them as he wants and delete that folder manually.

Can an attacker make an educated guess about the content of an encrypted archived file based on the compression of different file types because they will produce distinct compression ratios? Does this knowledge help to identify file types even when a user is renaming the file name with something unrelated?
 

In other words, can we guess the file format based on the compression ratio? For example, is there a worse compression rate for JPG and a better one for TXT? If compression ratios are visible, the file format and file names are visible as well. Users who have sensitive data can enable the "encrypt file names" option and hide both file names and ratios. Unlike many other archive formats, RAR allows encrypting not only file data but optionally also the file headers and thus all metadata.

Recovery Record Feature
 

In addition to the encryption feature, WinRAR's strength lies in the recovery of data in partially damaged archives. Especially with the new RAR5 format, whose Recovery Record is based on Reed-Solomon codes, this significantly increases the chance of data recovery.

How does the Recovery Record Feature work?
 

Imagine a recovery volume that stores the sum of a set of data volumes. If you have a list of numbers where one is missing, and you know the overall sum, you can reconstruct the missing number.

Imagine you have the numbers 25, 14, 77 and 41. You know that there is one number missing. The overall sum is 181. 25+14+77+41=157. The only number that adds up to 181 is 24.

If you had the 24 and the 77 was missing you would calculate as follows: 24+25+14+41=104. The number that would add up to 181 is 77.

This way the recovery number enables you to find any missing number.
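The sum analogy above carried through on byte strings, as an added Python example that is not WinRAR's code: one "sum" volume holding the per-byte sum (mod 256) of all data volumes repairs exactly one missing volume, just as 181 - 157 = 24 in the text. RAR 5.0's real recovery record uses Reed-Solomon codes, which can repair more damaged areas than this single-parity illustration.

```python
from __future__ import annotations


def recovery_volume(volumes: list) -> bytes:
    """Build one recovery volume: the per-byte sum (mod 256) of all data
    volumes, the byte-array version of "the overall sum is 181"."""
    size = len(volumes[0])
    if any(len(v) != size for v in volumes):
        raise ValueError("all volumes must have the same size (pad if needed)")
    out = bytearray(size)
    for v in volumes:
        for i, b in enumerate(v):
            out[i] = (out[i] + b) % 256
    return bytes(out)


def reconstruct(volumes: list, recovery: bytes) -> list:
    """Restore at most one missing volume (marked None) from the recovery
    volume: recovery minus the sum of the survivors gives the missing bytes.
    Two missing volumes exceed the damage limit of a single sum volume."""
    missing = [i for i, v in enumerate(volumes) if v is None]
    if not missing:
        return list(volumes)
    if len(missing) > 1:
        raise ValueError(f"{len(missing)} volumes missing, only one recoverable")
    survivors = [v for v in volumes if v is not None]
    partial = recovery_volume(survivors) if survivors else bytes(len(recovery))
    restored = bytes((r - p) % 256 for r, p in zip(recovery, partial))
    result = list(volumes)
    result[missing[0]] = restored
    return result


if __name__ == "__main__":
    # Constructed one-byte volumes using the numbers from the text.
    data = [bytes([25]), bytes([14]), bytes([77]), bytes([41]), bytes([24])]
    rec = recovery_volume(data)              # sum 181
    damaged = data[:4] + [None]              # the 24 is lost
    print(reconstruct(damaged, rec)[4][0])   # 181 - 157 = 24
```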

When you compress data, for example music files, into .rar files, you can choose the option to add a "Recovery Record" to the .rar files. You can choose from 1 to 10 percent; the number indicates the size of the Recovery Record as a percentage of the archive size. In the RAR 5.0 format the recovery record can repair a damaged area as large as the recovery record itself; if the damage is spread over multiple areas, the repairable amount might be less. Using a Recovery Record slightly increases the size of your .rar files, but it helps recovering data should your file become corrupted, for example by viruses or a bad disc. WinRAR can help you fix these corrupted files. A larger recovery record allows restoring a larger damaged area, but increases the archive size more and is processed more slowly. Usually 3-10% of the archive size is a reasonable choice.

How much should the value of the Recovery Record be?
 

A value of 3-10% should be enough. The higher the value, the better the chance of recovering the damaged or missing part of an archive. However, the higher the value, the bigger the archive size and the longer the time needed for creating and reading the archive. WinRAR sets the recovery record size to 3% by default.

When is the Recovery Record function useful?
 

It is particularly useful for long term backups. Optical media such as CD and DVD, flash memory like USB flash drives and magnetic storage like HDD can develop bad blocks after long term storage. CDs and flash drives are even more prone to data errors than HDDs.

So adding a 5-10% recovery record to backups intended for long term storage provides additional protection against such errors. It does not guarantee successful recovery, because every protection has its damage limit, but it significantly increases the chances of such a recovery.