Evaluation of the security of password-protected encrypted RAR3 and RAR5 archives

Abstract:
Roshal Archive (RAR) format is one of the most widely used data archive formats, enabling users to reduce the size of data and protect it with the desired password before the data is transferred to its intended recipients over the network. This work focuses on the security of encrypted RAR archives and various different approaches for their decryption. Two different datasets composed of randomly generated and real-world user passwords were used for deploying brute force and dictionary attacks on password-protected RAR archives. Two available and widely used tools, John the Ripper and Hashcat, were used for cracking passwords of encrypted RAR3 and RAR5 archives. Experimental results indicate that both brute force and dictionary attacks were unsuccessful for RAR archives protected with randomly generated passwords, even of very small length. Real-world user passwords were successfully cracked only partially by brute force attacks, whereas dictionary attacks were very successful. The success rate for RAR5 archives was only slightly lower than for RAR3 archives and processing times were similar, indicating that this new version of the RAR format does not significantly improve data security. Instead, the security of RAR archives can be increased by using longer passwords more similar to randomly generated data, which are not present in commonly used dictionaries, as indicated by the experimental results.