#1
|
|||
|
|||
RAR Password in 5 -15 minutes? Do you believe that?
Someone I know claimed that he can break RAR password protection using tricks just in 5-15 minutes (let's say 6 chars password). Wow,man, do you believe that? I need comments, guys. OK I read some comments on minawahib1's post on request site, but I need to know whether it is really possible somehow or absolutely NOT (for this moment). Are you really really sure AES unbreakable for now? Thanks..
Last edited by ivanov; 11-02-2005 at 04:33. |
#2
|
||||
|
||||
depends on the password. if i have a 1-5 char password, i can break it also in this time (and faster )
i don't see any holes in the implemention, so it's not possible. |
#3
|
|||
|
|||
Quote:
|
#4
|
|||
|
|||
Seems to be a fake (due to the 0x40000 iterations of SHA-1 Dr. Golova mentioned) or the guy you know has some hardware implementation that cracks .rar passwords in parallel on several thousands devices.
|
#5
|
|||
|
|||
Quote:
P.S. Actually, I knew one trick with such efficiency - rectothermal cryptanalysis. |
#6
|
|||
|
|||
Dmit, rectothermal cryptanalysis - do you mean this method? :-D
hxxp://www.passwords.ru/photos/elcomhard.jpg |
#7
|
|||
|
|||
I do not think it is easy when password is combine string + no# + spec chars.
|
#8
|
|||
|
|||
Thanks guys, I am with you, it's not that easy.
@Dmit: i am giving him a test now, I told him that you all wait the result.... |
#9
|
|||
|
|||
This can be true in the case of very small archives and short passwords -
just after decompression a whole archive you can see, if you use right password - so only very short archive can be unpacked in responsible time. |
#10
|
|||
|
|||
Rectothermal cryptanalysis rulez!
Quote:
File is being encrypted after it's compressed! So when you are trying to decompress encrypted archive the sequence is smth like this: 1). Decrypt file/block with given password (or hash of password, or hash(hash(password)), etc); 2). Calculate hash of decrypted file/block; // I think WinRAR uses for this only few bytes from the beginning of the archive, may be one block 3). Compare with valid hash (that valid hash is calculated when file is being archived/encrypted); 4). If bad hash - "Wrong password!"; 5). Else - decrypt other blocks and decompress decrypted file. There is NO need to decompress or decrypt the WHOLE file to check if password is valid. One block is enough. So there is no difference what is being bruteforced - tiny or huge archive. BTW if you try to encrypt file before compressing it, that encrypted file will have very "bad" entropy and file compression ratio will be ~0% [ (decompressed_size - compressed_size) / decompressed_size ] @Sten Yes, this method really works! RSA-8192 or true AES-256 in few minutes Last edited by cbs; 11-03-2005 at 06:58. |
#11
|
|||
|
|||
and it also depends on your CPU speed
|
#12
|
|||
|
|||
I do not believe that . when password is combine string + spec chars
|
#13
|
|||
|
|||
Quote:
Ofcourse you can try bruteforce smaller file in archive, or try found "stored" (uncompressed, only encrypted) files, but if such files absent in arc? =) Last edited by Dr.Golova; 11-03-2005 at 17:41. |
#14
|
|||
|
|||
@cbs
Lets find out if you statement is true ; here is small rar archive packed with Winrar 3.x (max. compression , solid archive +password (encrypt file names) (14 chars long , chars are numbers+small letters) Give me what is inside and i will believe you. Last edited by hosiminh; 11-03-2005 at 21:01. |
#15
|
|||
|
|||
hehe, hosiminh is funny. I promise noone can do that at this time even brutce-force method.
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Best way to get a rar password? | Rhodium | General Discussion | 4 | 01-27-2004 22:57 |
Help with 60 minutes timelimit on a plugin | crille | General Discussion | 4 | 08-23-2002 03:42 |