How Important is the Length of the Password?
The length is crucial. However, we would recommend that you do not use words from dictionaries, combinations of words, or birthday dates. Even though they may be long passwords, it does not necessarily make them very safe.
The Time Cost of Password Exhaustive Search Attack in WinRAR:
| Character | Password Length | Time Cost of Attack WinRAR |
|---|---|---|
| (0-9) | 6 | 3.9s |
| (0-9,a-z) | 6 | 5.8h |
| (0-9,a-z,A-Z) | 6 | 152d |
| (0-9,a-z,A-Z) | 7 | 26.6y |
| (0-9,a-z,A-Z) | 8 | 1610,1y |
More information about exhaustive password search attacks and the security of key derivation functions, can be found in "Journal of Computers, Vol. 8, No. 9, September 2013 – The Security of Key Derivation Functions in WinRAR". Jie Chen, Jun Zhou, Kun Pan, Shuqiang Lin, Cuicui Zhao, Xiaochao Li.
WinRAR recommends using a password with at least 8+ characters for usual data. For sensitive data, at least 12+ characters. Please note that the maximum file encryption password length for RAR is 127 characters. Longer passwords are truncated to this length.
