0

I was wondering how rar decryption works.

I know that when I enter a password to encrypt my rar file, my password is derived into a key that is used to encrypt the rar file. But how does the decryption work? How does it know if the password I entered is the good one or not? I guess it could work 2 different ways:

  1. I enter a password to decrypt my file --> It derives a key from this password and tries to decrypt the file

  2. The key that has been derived from my password is hashed and stored somewhere (but where?)? Then when I try to enter a password to decrypt the file, the password is derived into a key, the key is hashed and compared to the value that is stored somewhere?

I think this is more like the second way because if I use John the ripper, the utility john2zip seems to find the hash that is stored somewhere in the rar file, right?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Poubelle Dirty
  • 11
  • 1
  • Either it uses authenticated encryption, in which case the decryption function can tell whether a key is correct or not, or it just checks if what comes out is a valid ZIP or RAR file. It's highly unlikely that you encrypt a ZIP file *M* with key *K* to get an encrypted file *C*, which you then decrypt with another key *K'*, which then results in a valid, but different ZIP file *M'*. –  Nov 19 '20 at 11:10
  • So, if I understand, that's the 2 methods I told in my main post ? But if "zip2john" is capable to "tranform" the content of the rar file into a hash that will be used to brute force it, that means that the hash is contained into the rar file no ? – Poubelle Dirty Nov 19 '20 at 11:44

0 Answers0