How rar packs and protects files?

[winndy]

I compress the same file with the same password with Winrar.
But when I view them with HEX tools,they are not the same!!
Only file headers are the same.
Strange!

How it works?

[gigaman]

I guess WinRAR encrypts a few bytes of random data (so called "salt") before the real stream - which changes the whole result. That's a standard technique to prevent (some) crypto attacks.

I don't understand, what you want to know. The "salt" bytes are useless for decompression. They are put in front of the compressed data before encryption. For the same reason, they are useless after decryption, since they are not needed for the decompression.

The idea behind the "salt" bytes is to make the encrypted data look different. Like already said, it makes crypto-analysis a bit harder.

Do you think there's another way to encrypt rar-files??
i hate my advanced rar password recovery...
but i have heard, that the files crypted by winrar aren't "recoverable" (excuse my english...actually i'm italian living in germany...O_o) even for the programme itself, if you don't type the correct password...but now I'm interested in finding out, how rar crypts files...i'll try and let you know...

[Asus]

I do not think we may crack .rar pwd or recovery .rar pwd at this time. With some tools, they take us much time with no luck.

there is no luck with cracking the file with regular methods, maybe the BF attacks are the most susccessfull and could retrieve the password for you in about 6 hours depending on the speed of your cpu and ofcoz the encryption of the file.. dont forget that rar files uses 128bit encryption afaik.. so it's really insane to start digging through all the strings

> BF attacks are the most susccessfull and could retrieve the password for you in about 6 hours

Do you have any significant results ?