Professional Documents
Culture Documents
Language English
For RAR and WinRAR END USER LICENSE AGREEMENT (EULA) Click here
11. How Much Should the Value of the Recovery Record Be?
12. When is the Recovery Record Function Useful?
Two cryptographers, Vincent Rijmen and Joan Daemen, developed the Advanced Encryption Standard (AES)
encryption algorithm, also known as the RijnDael cipher. In 2001 the U.S. National Institute of Standards and
Technology (NIST) adopted AES as the industry standard for secure data encryption. This method is used
worldwide in both hardware and software.
AES Encryption provides a higher level of security than previous encryption methods, such as DES (Data
Encryption Standard), which was the standard encryption algorithm for many years and was widely used by both
government institutions and banks.
A new encryption standard was developed to prevent “brute force” attacks, which had become relatively
successful in cracking these older encryption algorithms.
Modern
We want AESyouencryption usespossible
to have the best 128 orexperience
256-bit keys.
whileThe
usinghigher the number
our service. of bits
Our website usesin cookies
the key,to the
helpmore possible
improve your key
combinations
visit. By usingthere are and
this website, the
you harder
consent to the code
the use is to crack.
of cookies. For more detailed information regarding the use of cookies
on this website, please see our "Privacy Policy". If you prefer not to have cookies stored within your web-browser, please
adjust your
AES-128 Bit:browser settings accordingly.
340.282.366.920.938.463.463.374.607.431.768.211.456 possible key combinations
AGREE
https://www.win-rar.com/encryption-faq.html?&L=0 1/6
7/21/23, 8:54 PM WinRAR Encryption Technology FAQ
Besides governmental institutions and organizations, WinRAR is used by the World Bank, United Nations and
many other non-profit organizations.
The password-based key derivation function is now based on (PBKDF2) using HMAC-SHA256; this is the
core of the WinRAR security mechanism.
A special password verification value detects wrong passwords without unpacking the entire file.
If archive headers are not encrypted (“encrypt file names” option is disabled), file checksums for encrypted
RAR 5.0 files are modified using a special password dependent algorithm. This prevents third parties from
guessing file contents based on checksums.
Since the development of the RAR 5.0 format, WinRAR detects wrong passwords before starting extraction and
does not extract garbage. RAR 5.0 stores a special password hash generated by a one-way hash function.
When a password is entered, RAR compares its hash to the stored hash; in case of no match, it rejects the
wrong password early. This one-way hash function is intentionally slow and based on PBKDF2. This noticeably
decreases the chances of a successful brute force attack.
We want you to have the best possible experience while using our service. Our website uses cookies to help improve your
visit. By using this website, you consent to the use of cookies. For more detailed information regarding the use of cookies
on this website, please see our "Privacy Policy". If you prefer not to have cookies stored within your web-browser, please
adjust your browser settings accordingly.
What is the "Encrypt File Names" Option?
AGREE
https://www.win-rar.com/encryption-faq.html?&L=0 2/6
7/21/23, 8:54 PM WinRAR Encryption Technology FAQ
If you set the "Encrypt file names" option, WinRAR will not only encrypt the file data, but all other sensitive
archive areas like file names, sizes, attributes, comments and other blocks. This provides a higher level of
security.
If you want to prevent third parties from drawing conclusions about the content of the archives based on the meta
files, you should enable this function. Without entering the correct password, it is impossible to even view the list
of files that have been encrypted.
More information about exhaustive password search attacks and the security of key derivation functions, can be
found in "Journal of Computers, Vol. 8, No. 9, September 2013 – The Security of Key Derivation Functions in
WinRAR". Jie Chen, Jun Zhou, Kun Pan, Shuqiang Lin, Cuicui Zhao, Xiaochao Li.
WinRAR recommends using a password with at least 8+ characters for usual data. For sensitive data, at least
12+ characters. Please note that the maximum file encryption password length for RAR is 127 characters.
Longer passwords are truncated to this length.
Since it is hard to remember random alphanumeric passwords, we recommend abbreviating a sentence and
turning it into a password. Use the words from the sentence and form a password.
Here are some examples by Bruce Schneier, security expert and CTO at Resilient,
https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html
We want you to have the best possible experience while using our service. Our website uses cookies to help improve your
Note:
visit.Before
By usingwe gave
this these
website, youexamples, these
consent to the use passwords were
of cookies. For secure:
more detailed information regarding the use of cookies
on this website, please see our "Privacy Policy". If you prefer not to have cookies stored within your web-browser, please
adjust your browser
WIw12,mbtmotr... = settings
When Iaccordingly.
was twelve, my brother threw me off the roof..
AGREE
Puh...thatiaus::ebay.ccoomm = Puh, that is an ugly sweater.
https://www.win-rar.com/encryption-faq.html?&L=0 3/6
7/21/23, 8:54 PM WinRAR Encryption Technology FAQ
WinRAR also has a built-in password manager to help you keep track of your passwords.
https://msdn.microsoft.com/de-de/library/windows/desktop/aa380262(v=vs.85).aspx
Malicious actors would need full access to a user's computer to make a dump of WinRAR process memory and
then extract keys from this dump. If somebody can make memory dumps of a user’s computer at any time and
copy such dumps, the user already has a major security leak.
Please be aware the feature and scenario described above is only valid for Microsoft platforms.
WinRAR deletes these temp files on the following run, when they are at least 1 hour old. WinRAR cannot delete
them immediately, because they may still be needed for an external app. If you do not want WinRAR to unpack
files to the temp folder, you should not open the archived files in external apps while browsing an archive. You
can unpack files to a folder manually, process them as you want and then manually delete the folder.
https://www.win-rar.com/encryption-faq.html?&L=0 4/6
7/21/23, 8:54 PM WinRAR Encryption Technology FAQ
A recovery volume contains a certain sum of volumes, if you have a list of numbers, where one is missing, and
you know the overall sum, you can reconstruct the missing number.
Imagine you have the numbers 25, 14, 77 and 41. You know that there is one number missing. The overall sum is
181. 25+14+77+41=157. The only number that adds up to 181 is 24.
If you had the 24 and the 77 was missing you would calculate as follows: 24+25+14+41=104. The number that
would add up to 181 is 77.
This is the way that the recovery record enables WinRAR to find any missing number.
When you compress data, for example music files, into .rar files, you can choose to add the “Recovery Record”
to the .rar archive. You can choose a value from 1 to 10 percent. The number indicates the percentage of the
Recovery Record size of the archive. In the RAR 5.0 format, the recovery record can be as large as the archive
itself. If you have multiple data damage, it could be less.
Using Recovery Record slightly increases the size of your .rar files, but it helps to recover data should your file
become corrupted by a virus, bad disc, etc. The larger recovery record allows you to restore a bigger damaged
area, but increases the size of the archive and the process is slower.
Adding 5 -10 % recovery record to backups intended for long term storage provides additional protection against
such errors. Adding the recovery record does not guarantee successful recovery, but does significantly increase
the chances of recovering damaged data.
We want you to have the best possible experience while using our service. Our website uses cookies to help improve your
back
visit.to
ByFAQ
usingtop
this website, you consent to the use of cookies. For more detailed information regarding the use of cookies
on this website, please see our "Privacy Policy". If you prefer not to have cookies stored within your web-browser, please
adjust your browser settings accordingly.
AGREE
https://www.win-rar.com/encryption-faq.html?&L=0 5/6
7/21/23, 8:54 PM WinRAR Encryption Technology FAQ
PRODUCTS
DOWNLOAD
INDUSTRIES
PARTNER
SUPPORT
NEWS
PRIVACY
IMPRINT
We want you to have the best possible experience while using our service. Our website uses cookies to help improve your
visit. By using this website, you consent to the use of cookies. For more detailed information regarding the use of cookies
on this website, please see our "Privacy Policy". If you prefer not to have cookies stored within your web-browser, please
adjust your browser settings accordingly.
AGREE
https://www.win-rar.com/encryption-faq.html?&L=0 6/6