RAR Archiving & Password

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
As I start to get back into computers and such, I was thinking of something
today.  How exactly does the password option work in RAR archives?  When
you archive a file (or files) you can see the filenames in plain text if
you look at the archive in notepad or some such.  I'm assuming it just uses
the password like a key is used in normal encryption of something.  Even
then, how does the encryption know that you've entered the correct
password/key?  If you were given an encrypted statement and told to decrypt
it, how would you know that you did it correctly unless you had something
to go by (assuming the statement wasn't plain text)?  Does the RAR archive
have something to look at and say "yes, this is correct"?  Or even if we're
not talking about a RAR archive and something is encrypted using a certain
key, how does the software know that you've entered the correct decryption

Just a thought.

Thanks in advance for any enlightenment.

Re: RAR Archiving & Password

Quoted text here. Click to load it

I assume that you had instructed the system to recognize a certain password
as the correct one so that when this is used,  the user can have access to
the page.

      Luigi Donatello Asero
 谢谢你,  спасибо,  tack så mycket!

Re: RAR Archiving & Password

Correct, say I had used a key of "password".  Would the encryption then
include that "password" somewhere in the archived file (albeit encrypted)
so that when the user went to decrypt the file, it could look at that point
within the file and say, "yes, the key is correct"?  If so, does the
encryption use the same internal key to encrypt the user-provided key?  
Again, if so, is the encrypted key kept in the same location each time?

Thanks again for any feedback!

Re: RAR Archiving & Password

Quoted text here. Click to load it

     Since the people who actually know haven't spoken up, I'll
reason from analogy.  What follows is from my experience with ZIP.

     ZIP computes and stores the CRC of the plaintext.  When
decrypting with a wrong key, the CRCs won't match.  Some versions
of UNZIP will give you the decrypted gibberish and tell you the
CRC doesn't match; others will tell you the password is wrong (I
assume based on CRC).  In any case, you can see there's no need to
store the password in the ZIP file, either plain or encrypted.

     Some versions of UNZIP are available in source, so you could
investigate for yourself.  Similarly, I believe, RAR allows anyone
to create UNRAR programs, so the specs should be out there,

     Apparently RAR, like ZIP, compresses and encrypts the files
but not the filenames.  Information can leak from filenames, so
you may want to name your files innocuously.

Arthur T. - ar23hur "at" intergate "dot" com
Looking for a good MVS systems programmer position

Site Timeline