Exetools  

  #1  
Old 11-02-2005, 04:24
ivanov ivanov is offline
RAR Password in 5 -15 minutes? Do you believe that?

Someone I know claimed that he can break RAR password protection using tricks in just 5-15 minutes (let's say a 6-char password). Wow, man, do you believe that? I need comments, guys. OK, I read some comments on minawahib1's post on the request site, but I need to know whether it is really possible somehow or absolutely NOT (for this moment). Are you really really sure AES is unbreakable for now? Thanks..

Last edited by ivanov; 11-02-2005 at 04:33.
  #2  
Old 11-02-2005, 04:44
MaRKuS-DJM MaRKuS-DJM is offline
Depends on the password. If I have a 1-5 char password, I can also break it in this time (and faster).

I don't see any holes in the implementation, so it's not possible.
  #3  
Old 11-02-2005, 05:53
Dr.Golova
 
Quote:
Originally Posted by ivanov
Are you really really sure AES is unbreakable for now?
Don't forget about the 0x40000 iterations of the SHA-1 based hash for the "password to decryption key" transformation - it takes about 0.1 sec per password on my machine (2.5GHz). If it's not a joke - it's at least not simple bruteforce (but how do you bruteforce without decompression? You can't know even one byte of the compressed stream)
  #4  
Old 11-02-2005, 18:23
Sten Sten is offline
Seems to be a fake (due to the 0x40000 iterations of SHA-1 Dr. Golova mentioned) or the guy you know has some hardware implementation that cracks .rar passwords in parallel on several thousand devices.
  #5  
Old 11-02-2005, 18:32
Dmit
 
Quote:
Originally Posted by ivanov
Someone I know claimed that he can break RAR password protection using tricks in just 5-15 minutes (let's say a 6-char password).
Just give some RAR with a 6-char password to "someone you know" and wait for 5-15 minutes. Or 15 hours. After that you would know for sure if the trick really exists.


P.S. Actually, I knew one trick with such efficiency - rectothermal cryptanalysis.
  #6  
Old 11-02-2005, 20:25
Sten Sten is offline
Dmit, rectothermal cryptanalysis - do you mean this method? :-D

hxxp://www.passwords.ru/photos/elcomhard.jpg
  #7  
Old 11-02-2005, 20:52
Asus Asus is offline
I do not think it is easy when the password is a combination of string + no# + spec chars.
  #8  
Old 11-03-2005, 03:46
ivanov ivanov is offline
Thanks guys, I am with you, it's not that easy.

@Dmit: I am giving him a test now, I told him that you are all waiting for the result....
  #9  
Old 11-03-2005, 03:56
Janus68
 
This can be true in the case of very small archives and short passwords -
just after decompressing a whole archive you can see if you used the right password -
so only a very short archive can be unpacked in reasonable time.
  #10  
Old 11-03-2005, 06:54
cbs
 
Rectothermal cryptanalysis rulez!

Quote:
Originally Posted by Janus68
This can be true in the case of very small archives <...> -
just after decompression a whole archive you can see, if you use right password
Really? I don't think so.
File is being encrypted after it's compressed!
So when you are trying to decompress an encrypted archive the sequence is something like this:

1). Decrypt file/block with given password (or hash of password, or hash(hash(password)), etc);
2). Calculate hash of decrypted file/block; // I think WinRAR uses for this only a few bytes from the beginning of the archive, maybe one block
3). Compare with valid hash (that valid hash is calculated when file is being archived/encrypted);
4). If bad hash - "Wrong password!";
5). Else - decrypt other blocks and decompress decrypted file.

There is NO need to decompress or decrypt the WHOLE file to check if password is valid. One block is enough.
So there is no difference what is being bruteforced - tiny or huge archive.

BTW if you try to encrypt file before compressing it, that encrypted file will have very "bad" entropy and file compression ratio will be ~0% [ (decompressed_size - compressed_size) / decompressed_size ]

@Sten
Yes, this method really works! RSA-8192 or true AES-256 in a few minutes

Last edited by cbs; 11-03-2005 at 06:58.
  #11  
Old 11-03-2005, 12:40
deadlybugs deadlybugs is offline
and it also depends on your CPU speed
  #12  
Old 11-03-2005, 16:47
hanzi
 
I do not believe that when the password is a combination of string + spec chars.
  #13  
Old 11-03-2005, 17:37
Dr.Golova
 
Quote:
Originally Posted by cbs
There is NO need to decompress or decrypt the WHOLE file to check if password is valid. One block is enough.
So there is no difference what is being bruteforced - tiny or huge archive.
Wrong. There are no "blocks" - WinRAR compresses the whole file at once, and the known checksum (crc32) is for the whole uncompressed file too.
Of course you can try to bruteforce a smaller file in the archive, or try to find "stored" (uncompressed, only encrypted) files, but what if such files are absent in the arc? =)

Last edited by Dr.Golova; 11-03-2005 at 17:41.
  #14  
Old 11-03-2005, 20:58
hosiminh hosiminh is offline

@cbs

Let's find out if your statement is true; here is a small rar archive packed with WinRAR 3.x (max. compression, solid archive + password (encrypt file names), 14 chars long, chars are numbers + small letters)

Give me what is inside and I will believe you.
Attached Files
File Type: rar what_is_inside.rar (12.8 KB, 8 views)

Last edited by hosiminh; 11-03-2005 at 21:01.
  #15  
Old 11-03-2005, 22:34
Asus Asus is offline
hehe, hosiminh is funny. I promise no one can do that at this time, even with the brute-force method.
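
The cost argument from posts #3 and #14, worked through as an added example that is not part of the original thread: it measures an iterated SHA-1 stretch with the 0x40000 count quoted above and turns the quoted 0.1 s per password into worst-case search times. The `stretch` function is a generic cost model and an assumption, not WinRAR's exact key derivation; the zero salt, sample guesses and alphabet sizes are constructed.

```python
import hashlib
import time

ITERATIONS = 0x40000  # iteration count quoted in post #3


def stretch(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Generic iterated SHA-1 stretch; a cost model, not WinRAR's exact KDF."""
    h = hashlib.sha1()
    for i in range(iterations):
        h.update(password + salt + i.to_bytes(3, "little"))
    return h.digest()[:16]


def seconds_per_guess(samples: int = 3) -> float:
    """Measure the stretch cost on this machine (single thread)."""
    start = time.perf_counter()
    for n in range(samples):
        stretch(b"guess%d" % n, bytes(8))  # constructed inputs, zero salt
    return (time.perf_counter() - start) / samples


def keyspace(alphabet: int, max_len: int) -> int:
    """Count of all passwords of length 1..max_len over the alphabet."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    quoted = 0.1                    # seconds per password, from post #3
    measured = seconds_per_guess()  # same amount of hashing, in Python
    print(f"measured {measured:.3f} s/guess, thread quotes {quoted} s/guess")
    cases = [("6 lowercase", 26, 6), ("6 lowercase+digits", 36, 6),
             ("6 printable ASCII", 95, 6),
             ("14 lowercase+digits (post #14)", 36, 14)]
    for label, alphabet, length in cases:
        total = keyspace(alphabet, length)
        print(f"{label:32} {total:.3e} candidates, "
              f"worst case {human(total * quoted)}")
    print("guesses possible in 15 minutes:", round(15 * 60 / quoted))
```

At the quoted rate a 15-minute window covers only a few thousand candidates, which is why the thread treats the claim as implausible for anything but very short passwords.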