Skip to main content
Log in

On the security of the WinRAR encryption feature

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript


Originally written to provide the file compression feature, computer software such as WinRAR and WinZip now also provide encryption features due to the rising need for security and privacy protection of files within a computer system or for sharing within a network. However, since compression has been much in use well before users saw the need for security, most are more familiar with compression software than they are with security ones. Therefore, encryption-enabled compression software such as WinRAR and WinZip tend to be more widely used for security than a dedicated security software. In this paper, we present several attacks on the encryption feature provided by the WinRAR compression software. These attacks are possible due to the subtlety in developing security software based on the integration of multiple cryptographic primitives. In other words, no matter how securely designed each primitive is, using them especially in association with other primitives does not always guarantee secure systems. Instead, time and again such a practice has shown to result in flawed systems. Our results, compared to recent attacks on WinZip by Kohno, show that WinRAR appears to offer slightly better security features.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others


  1. Anderson, R.: Security Engineering – a guide to Building Dependable Distributed Systems. Wiley, USA (2001)

    Google Scholar 

  2. Bellare, B., Namprempre, C.: Authenticated encryption—relations among notions and analysis of the generic composition paradigm. In: Proceedings of Asiacrypt '00, LNCS 1976. pp. 531–545. Springer-Verlag, Germany (2000)

  3. Biham, E., Kocher, P.: A known plaintext attack on the PKZIP Stream cipher. In: Proceedings of Fast Software Encryption '94, LNCS 1008. pp. 144–153. Springer-Verlag, Germany (1994)

  4. Fischlin, M.: Fast verification of hash chains. In: Proceedings of CT-RSA '04, LNCS 2964. pp. 339–352. Springer-Verlag, Germany (2004)

  5. Freeware Hex Editor XVI32, version 2.51. Available at

  6. Gladman, B.: A specification for the AES algorithm. (2003) Available at

  7. Kelsey, J.: Compression and information leakage of plaintext. In: Proceedings of Fast Software Encryption '02, LNCS 2365. pp. 263–276. Springer-Verlag, Germany (2002)

  8. Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Proceedings of International Workshop on Security Protocols '97, LNCS 1361. pp. 91–104. Springer-Verlag, Germany (1997)

  9. Kohno, T.: Attacking and repairing the WinZip encryption scheme. In: Proceedings of ACM Conference on Computer and Communications Security (ACM-CCS '04). pp. 72–81. ACM (2004)

  10. Kohno, T.: Analysis of the WinZip encryption method. (2004). Cryptology ePrint Archive Report 2004/078. Available at Full version of 9

  11. NIST: AES page. Available at CryptoToolkit/aes

  12. RARlab: WinRAR Archiver. (2005). RAR—What's New in the Latest Version. Available at

  13. RARlab: WinRAR—at a Glance. (2005) Available at

  14. RARlab: WinRAR - Version History. (2005) Available at

  15. Stay, M.: ZIP attacks with reduced known plaintext. In: Proceedings of Fast Software Encryption '01, LNCS 2355. pp. 124–134. Springer-Verlag, Germany (2001)

  16. Stefanek, S.: C++ Implementation of Rijndael (2004)

  17. Storer, J.A., Szymanski, T.G.: Data Compression via textural substitution. J. ACM 29(4), 928–951 (1982)

    Article  MathSciNet  Google Scholar 

  18. Symantec Corp: Norton SystemWorks 2005. Available at

  19. WinZip Computing, Inc. What's New in WinZip 9.0. (2005). Available at

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Raphael C.-W. Phan.

Additional information

Gary S.-W. Yeo completed his B.Eng in Electronics & Computer Systems in the first half of 2005, and is currently working as an electronics engineer with a semiconductor fab facility.

Raphael C.-W. Phan is currently Director of the Information Security Research (iSECURES) Laboratory at the Swinburne University of Technology (Sarawak Campus) – SUTS, Kuching, Malaysia. Raphael researches on cryptography, cryptanalysis, authentication and key exchange protocols, smart card security, hash functions and digital watermarking. His work has been published in refereed journals published by IEE, IEEE, Elsevier Science and US Military Academy; and in internationally refereed cryptology conferences published by Springer-Verlag, Germany. He is referee for several IEEE journals on the area of information security. He is General Chair of Mycrypt '05 and Asiacrypt '07, Program Chair of the International Workshop on Information Security & Hiding (ISH '05), and technical Program Committee member of Mycrypt '05, the International Conference on Information Security & Cryptology (ICISC '05) and International Conference on Applied Cryptography & Network Security (ACNS '06).

Rights and permissions

Reprints and permissions

About this article

Cite this article

Yeo, G.SW., Phan, R.CW. On the security of the WinRAR encryption feature. Int. J. Inf. Secur. 5, 115–123 (2006).

Download citation

  • Published:

  • Issue Date:

  • DOI: