Why can't rar passwords be cracked? (1)

1. rarfile generation process.

There are two steps to encrypt a Winrar file:

1: First compress the source file into a data segment.

2: encrypt the compressed data segment.

For the same source file, the data segments in the rarfile are identical after encryption and compression are completed. However, for the same source file, even if the same password is used, the data segments in the rarfile are different after encryption. This is because the encryption key is dependent on a Salt (eight-byte key, used for encryption, stored in the rarfile header), so the key to decrypting a rar encrypted file is data decryption. Next we will study how to encrypt it.

2. encrypt the "compressed data segment" Process

1. Obtain the key:

Combine the plaintext password with the Salt and generate two 16-byte keys using the HASH algorithm. KEY (AES algorithm parameter) and initVector)

2. encrypt and compress data with Key and initVector:

Here is a circular encryption structure. Every 16 bytes serves as a block for encryption, which may be the reason why the total length of the encrypted file is a factor of 16 ). Encryption adopts the AES algorithm RAR using the standard application of AES rijndael ). Note: Before AES encryption, there is an exclusive or operation, which is to first convert each 16-byte block to the encryption result of the last 16-byte block, or then perform the AES algorithm. I use a simple schematic code to see the description:

; ========================================================== ========

Packblock [0] = packblock ^ initVector

EncryptBlock [0] = AES (packblock [0]); KEY is the KEY of AES)

For I = 1 to block quantity-1

Packblock = packblock ^ encryptBlock [I-1]

EncryptBlock = AES (packblock); KEY is the KEY of AES)

Next

; Packblock indicates each 16 bytes of data compressed

; EncryptBlock indicates that each 16 bytes of data is encrypted.

; ========================================================== ========

Iii. decryption process

Because the AES algorithm is symmetric, the decryption process is the inverse operation of the encryption process. However, the AES algorithm process is different from that used for encryption during decryption because the sub-KEY table generated by the KEY is different ). We still need to enter the password and generate two 16-byte keys, KEY and initVector together with salt.

; ========================================================== ========

Packblock [0] = AES1 (encryptBlock [0]); KEY is the KEY of AES)

Packblock [0] = packblock ^ initVector

For I = 1 to block quantity-1

Packblock = AES1 (encryptBlock); KEY is the KEY of AES)

Packblock = packblock ^ encryptBlock [I-1]

Next

; ========================================================== ========

So where can I determine if the password is correct?

The decryption process is to decompress the decrypted data block, decompress it into the source file, and perform CRC verification on the file. If the source file CRC verification code in the rarfile is the same, the password is correct, if they are different, the password is incorrect.