1

If I have an original file and a WinRAR password protected .rar file containing that file, can I extract the password?

e-sushi
  • 17,891
  • 12
  • 83
  • 229
ASD
  • 19
  • 2
  • 1
    Known plaintext attacks don't work against modern ciphers. – CodesInChaos Jun 29 '15 at 14:27
  • so there is no way?? – ASD Jun 29 '15 at 14:28
  • 2
    I can't say for sure without having looked at the winrar crypto in detail, but I consider it pretty unlikely since it'd require an unusually dumb mistake. Probably the best you can do is running a program that tests many password candidates, but that's only feasible for simple passwords. – CodesInChaos Jun 29 '15 at 14:32
  • can i extract that encrypted file ?because password is on file not on winrar file.after that comapring original file and encrypted file of that original file there is way to get password?? – ASD Jun 29 '15 at 14:36
  • I'm confused. Is the winrar file encrypted or is the file encrypted and then stuck in an unencrypted winrar file? – mikeazo Jun 29 '15 at 15:01
  • @mikeazo suppose that file name is xyz. i have xyz file and another rar file. rar file contains xyz file but it is password protected and rar file also contains other file i need that other file it is possible if the password can be extracted. – ASD Jun 29 '15 at 15:07
  • What is the password encrypting? xyz file, rar file, other file? – mikeazo Jun 29 '15 at 15:10
  • all files in rar files – ASD Jun 29 '15 at 15:13
  • Let's continue this discussion in chat. – mikeazo Jun 29 '15 at 15:21
  • @mikeazo Sorry for late response im busy those days. so is there any new idea? – ASD Jul 12 '15 at 05:49
  • 1
    @ASD, I still don't have a clear picture of what is encrypted and how. The answer below by otus is correct if RAR encryption is used. But, based on our discussions it sounds like that might not be the case. It sounds like files are encrypted using some custom method then all the encrypted files are combined using WinRAR. – mikeazo Jul 13 '15 at 13:20

1 Answers1

6

No, in general you cannot.

WinRAR uses AES (128 or 256 depending on version) for encryption, which does not allow key recovery even with know plaintext and ciphertext.

It also uses key stretching to derive the encryption key from a password. The algorithm used in newer versions is PBKDF2 with a version dependent iteration count. So a key-guessing attack is only possible for low entropy passwords. There is a verifier in the file format that allows checking password guesses, so knowing a plaintext and/or ciphertext does not give any advantage there either.

otus
  • 32,132
  • 5
  • 70
  • 165