6
2. WINRAR
WinRAR is capable of supporting all popular compression formats, including .rar and
.zip files [17]. The software uses the Advanced Encryption Standard (AES) to encrypt
archives. WinRAR 5.0 and higher supports AES-256 while earlier versions use AES
128. Users specify a password to encrypt the archive in question. The AES key is
then derived from the given password implementing Password-Based Key Derivation
Function 2 (PBKDF2) [18].
The compression and encryption functions in WinRAR are independent of each
other. Files are first compressed then encrypted when added to an archive [9]. The
user may further specify one of two encryption modes to apply to the archive. First,
the user may encrypt only the file data. This allows information such as file names
to be viewed in plaintext. The second mode encrypts both file data and header
information, including file names, sizes, and other attributes [19].
2.1 WinRAR v5.0
As of September 2013, WinRAR introduced the new RAR5 archiving format. Sev
eral important changes, which will be discussed below, are implemented in the newest
version. It is important to note that RAR5 files are not compatible with versions of
WinRAR prior to 5.0. During this transition to a new format, the older RAR format
is currently the default archive format.
Versions 5.0 and above introduce new features to the compression algorithm [18].
The maximum dictionary size has been increased to 1GB. The default size is now
32MB. This gives a higher compression ratio with a sacrifice to speed when compared
to the earlier versions. In addition to the general compression algorithms, Intel IA-32
executable and delta compression algorithms are now implemented. Some older algo
7
rithms such as RAR 4.x test, audio, true color and itanium are no longer supported.
Theses changes increase the efficiency of the software when handling modern data
types.
Changes in the encryption algorithm and related features offers stronger infor
mation security. The encryption algorithm now uses 256-bit AES in place of the
previous 128-bit AES. To derive the key for AES-256, WinRAR now implements the
key derivation function PBKDF2 using HMAC-SHA1. To circumvent the discovery of
encrypted information through system memory, the password verification method now
allows for the detection of wrong passwords without unpacking the encrypted file. Ad
ditionally, the file checksums are now modified with a propriety password-dependent
algorithm. According to Rarlabs, it is now “impossible” to guess the contents of a
file by comparing it with the typical CRC32 and BLAKE2 values [18]. Users can use
a 256-bit length BLAKE2 hash in lieu of the default CRC32 file checksum.
Finally, the RAR5 format has improved the recovery of broken archives. The new
implementation is now based on Reed-Solomon error correction codes [18]. If the
recovery record is at least 5% of the original file size, the correction scheme pro
vides much higher resistance. This allows the software to detect larger deletions and
insertions to an archive. Further details can be found in [20].
2.2 WinRAR encryption
WinRAR has used AES encryption beginning with the release of version 3.00 [21].
AES was introduced by the National Institute of Standards and Technology (NIST)
in 2001 [22]. It is a symmetric block cipher based on the Rijdael cipher developed by
Joan Daemen and Vincent Rijmen.
AES-128 uses a 128-bit length key and consists of 10 rounds while AES-256 has a
key length of 256 bits and goes through 14 rounds. Each AES round consists of four
transformations [22]:
SubBytes This is a non-linear byte substitution using a substitution table.
8
ShiftRows The final three rows of the state are cyclically left shifted.
MixColumns Each column is multiplied modulo x
4
+ 1 to mix the bytes.
AddRoundKey The final transformation is an XOR of the state with the round
key.
The final round omits the MixColumns transformation.
The AES algorithm requires a cryptographic key. In a password protected archive,
a key can be generated from the password using a key derivation function (KDF).
KDFs take as input the password, salt, and the desired length of the master key.
These are then used in a pseudorandom function for a fixed number of interations.
In WinRAR, the salt is stored as an option field in the file header and the key length
depends on the file version. WinRAR uses PBKDF2, which implements HMAC with
SHA-1 as the pseudorandom function [23].
2.3 WinRAR compression
WinRAR uses a proprietary compression implementatiom developed by Eugene
Roshal [17]. This implementation includes several well-known compression algorithms
such as: Lempel-Ziv-Storer-Szymanski (LZSS), PPM with Information Inheritance
(PPMII), Intel IA-32 and delta encoding. These methods will be discussed in detail
below.
2.3.1 LZSS
LZSS is the primary compression method for WinRAR. It is a lossless data com
pression algorithm derived from LZ77 [24]. LZSS is a dictionary coding technique
that utilizes previously seen text as a dictionary. A string of symbols, S, is replaced
by pointers to substrings of S in the dictionary along with the length of the substring.
The pointers are original if they point to a substring of the original source. Similarly,
Dostları ilə paylaş: |