XenK, 2015-09-07 07:55:29

Is it possible to hack RAR?

Actually, the question arose: if you put a password of, for example, 16 characters on a RAR archive, is it really possible to crack it (by brute force or in other ways...)? And approximately how long would it take?


4 answer(s)
Philipp, 2015-09-07
@XenK

RAR encryption is based on AES with a 256-bit key. Even with Moore's law, it would take more than a century to brute force a 16-character strong password.
The length of the English alphabet is 26 characters plus 10 digits. We have a total password alphabet length of 36 characters.
If brute force is used and we allow characters to repeat in a row, then the number of possible combinations is equal to the factorial of the length of the alphabet.
36! = 371993326789901000000000000000000000000000
This is the number of possible combinations.
Here they talk about enumeration on two GPUs and the speed is 15000 enumerations per second.
From here we obtain, taking into account Moore's law (performance doubles every two years), the number of iterations in 100 years:
15000 * 3600 * 24 * 365 * (2^50) = 532595691932835000000000000
It is easy to see that this number is much less than the above.
If we divide the original number of password options by this number, we get the number of instances it will take to crack the password in 100 years.
37199332678990100000000000000000000000000 / 532595691932835000000000000 = 698453503144019
I believe that cracking a password, even on a global scale, does not make sense. It is much more profitable to use social engineering and any other non-technical approach.
And if the password is simply forgotten - apply psychotechnics or abandon the idea.
By the way, if you add one character to the password alphabet, the complexity of its enumeration increases by the length of its alphabet. Therefore, it is so important to use a complex password with special characters inside.

dero2084, 2015-09-07
@dero2084

It all depends on the length and complexity of the password. If the password is 123456, then you can decrypt it without problems. If the password is strong, for example, the password length is 6 or more characters, including uppercase and lowercase letters, numbers and special characters, then forget it, nothing will work!
It is no coincidence that information security uses a strong password rule.

Mokhirjon Naimov, 2015-09-07
@zvermafia

It took ~20 minutes for 3 or 4 characters without a dictionary...

kuza2000, 2021-02-04
@kuza2000

I just launched the search on my laptop. The GPU is used, but, as you understand, a laptop does not have a very powerful graphics card: GeForce MX150, 1531 MHz, 384 SP cores.
I am iterating over English letters, uppercase and lowercase, and digits; the length of the alphabet is 62. The enumeration speed is about 6000 per second.
Passwords 4 characters long were exhausted in 40 minutes.
Now it is moving on to 5; the estimated time is 42 hours.
You can estimate for 6, 7, 8 characters:
6 - 109 days
7 - 18 years
8 - 1150 years
9 - 71 thousand years
On a GPU farm, it will probably be 100 times faster. There are also supercomputers. Well, progress does not stand still. In general, judge for yourself.
For myself, I concluded that a password of 8-9 characters (uppercase, lowercase, numbers and special characters) can be considered quite reliable for my purposes. But random characters, of course.
All this applies only to rar. For other archivers, the selection speed can vary greatly.
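
The arithmetic behind the estimates in the answers above, as an added example that is not part of any answer on this page: with repetition allowed, an alphabet of N characters gives N^L passwords of length L, and the worst-case search time follows from the guess rate. The function names and the continuous-doubling model of Moore's law are assumptions of this example; the rates (6000/s, 15000/s) and alphabet sizes (62, 36) are the ones quoted in the answers.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(alphabet_size, length):
    """Passwords of exactly `length` characters, repetition allowed: N**L."""
    return alphabet_size ** length

def exhaust_seconds(alphabet_size, length, rate_per_second):
    """Worst-case time to try every candidate at a constant guess rate."""
    return keyspace(alphabet_size, length) / rate_per_second

def exhaust_years_with_doubling(alphabet_size, length, rate_per_second,
                                doubling_years=2.0):
    """Worst-case years if the guess rate doubles every `doubling_years`.

    Assumed model: rate(t) = r * 2**(t/d). Guesses made by year t are
    r * d / ln2 * (2**(t/d) - 1); set equal to the keyspace, solve for t.
    """
    per_year = rate_per_second * SECONDS_PER_YEAR
    k = keyspace(alphabet_size, length)
    return doubling_years * math.log2(
        1 + k * math.log(2) / (per_year * doubling_years))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # 62-character alphabet at 6000 guesses/s, lengths 4 to 9
    for length in range(4, 10):
        print(length, humanize(exhaust_seconds(62, length, 6000)))
    # 16 characters over a 36-character alphabet at 15000 guesses/s
    print("constant rate:", humanize(exhaust_seconds(36, 16, 15000)))
    print("rate doubling every 2 years: %.1f years"
          % exhaust_years_with_doubling(36, 16, 15000))
```

These are worst-case figures for a uniformly random password; on average a search succeeds after half the keyspace, and a password drawn from a dictionary falls far sooner.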
