On the security of the WinRAR encryption feature

  • Gary S.-W. Yeo
  • Raphael C.-W. PhanEmail author
Special Issue Paper


Originally written to provide the file compression feature, computer software such as WinRAR and WinZip now also provide encryption features due to the rising need for security and privacy protection of files within a computer system or for sharing within a network. However, since compression has been much in use well before users saw the need for security, most are more familiar with compression software than they are with security ones. Therefore, encryption-enabled compression software such as WinRAR and WinZip tend to be more widely used for security than a dedicated security software. In this paper, we present several attacks on the encryption feature provided by the WinRAR compression software. These attacks are possible due to the subtlety in developing security software based on the integration of multiple cryptographic primitives. In other words, no matter how securely designed each primitive is, using them especially in association with other primitives does not always guarantee secure systems. Instead, time and again such a practice has shown to result in flawed systems. Our results, compared to recent attacks on WinZip by Kohno, show that WinRAR appears to offer slightly better security features.


Compression Encryption feature Attacks WinRAR WinZip 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.: Security Engineering – a guide to Building Dependable Distributed Systems. Wiley, USA (2001)Google Scholar
  2. 2.
    Bellare, B., Namprempre, C.: Authenticated encryption—relations among notions and analysis of the generic composition paradigm. In: Proceedings of Asiacrypt '00, LNCS 1976. pp. 531–545. Springer-Verlag, Germany (2000)Google Scholar
  3. 3.
    Biham, E., Kocher, P.: A known plaintext attack on the PKZIP Stream cipher. In: Proceedings of Fast Software Encryption '94, LNCS 1008. pp. 144–153. Springer-Verlag, Germany (1994)Google Scholar
  4. 4.
    Fischlin, M.: Fast verification of hash chains. In: Proceedings of CT-RSA '04, LNCS 2964. pp. 339–352. Springer-Verlag, Germany (2004)Google Scholar
  5. 5.
    Freeware Hex Editor XVI32, version 2.51. Available at
  6. 6.
    Gladman, B.: A specification for the AES algorithm. (2003) Available at
  7. 7.
    Kelsey, J.: Compression and information leakage of plaintext. In: Proceedings of Fast Software Encryption '02, LNCS 2365. pp. 263–276. Springer-Verlag, Germany (2002)Google Scholar
  8. 8.
    Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Proceedings of International Workshop on Security Protocols '97, LNCS 1361. pp. 91–104. Springer-Verlag, Germany (1997)Google Scholar
  9. 9.
    Kohno, T.: Attacking and repairing the WinZip encryption scheme. In: Proceedings of ACM Conference on Computer and Communications Security (ACM-CCS '04). pp. 72–81. ACM (2004)Google Scholar
  10. 10.
    Kohno, T.: Analysis of the WinZip encryption method. (2004). Cryptology ePrint Archive Report 2004/078. Available at Full version of 9
  11. 11.
    NIST: AES page. Available at CryptoToolkit/aes
  12. 12.
    RARlab: WinRAR Archiver. (2005). RAR—What's New in the Latest Version. Available at
  13. 13.
    RARlab: WinRAR—at a Glance. (2005) Available at
  14. 14.
    RARlab: WinRAR - Version History. (2005) Available at
  15. 15.
    Stay, M.: ZIP attacks with reduced known plaintext. In: Proceedings of Fast Software Encryption '01, LNCS 2355. pp. 124–134. Springer-Verlag, Germany (2001)Google Scholar
  16. 16.
    Stefanek, S.: C++ Implementation of Rijndael (2004)Google Scholar
  17. 17.
    Storer, J.A., Szymanski, T.G.: Data Compression via textural substitution. J. ACM 29(4), 928–951 (1982)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Symantec Corp: Norton SystemWorks 2005. Available at
  19. 19.
    WinZip Computing, Inc. What's New in WinZip 9.0. (2005). Available at

Copyright information

© Springer-Verlag 2006

Authors and Affiliations

  1. 1.Information Security Research (iSECURES) LaboratorySwinburne University of Technology (Sarawak Campus)KuchingMalaysia

Personalised recommendations