Author Topic: Why RAR compression still popular ?  (Read 3423 times)

0 Members and 1 Guest are viewing this topic.

Offline HighVoltage

  • Super Contributor
  • ***
  • Posts: 4441
  • Country: de
Re: Why RAR compression still popular ?
« Reply #25 on: May 26, 2018, 10:42:02 pm »
Unless you're truly skilled and have a background in cryptology you really shouldn't roll your own cryptography for anything of importance. Encryption is tough to get right without leaking information or being susceptible to a multitude of attacks beyond brute force.

Encryption to me is like a real "Fire Safe", it is only safe for a certain temperature and time but eventually it will get hot inside.

Cryptography has been only a hobby for me for many years, not a profession.
But I have tried to crack some protected RAR files with no success, as long as the passphrase is long and complicated enough. Well, if a government powered brute force is used, I have no idea how long they would need on a RAR file?

But, there is not too much encryption software that we can really trust.
Probably the last good one was PGP in the last DOS version.

Using one time pad is not that difficult.
It all comes down to a truly random key.
And if you make that key 1GB is size, people have to go through a lot of effort to get that key from you.
You just have to hide the key very well and do not exchange it over the internet.
 

There are 3 kinds of people in this world, those who can count and those who can not.
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 5834
  • Country: nl
Re: Why RAR compression still popular ?
« Reply #26 on: May 26, 2018, 11:01:14 pm »
With a one time pad there is no hard randomness condition for the key, like it has to have ultra high entropy or such, other than that it is unique, can't be easily guessed or social engineered. So yeah it should not be a logical sequence or have short repetition intervals but it also does not need to be extremely random.
You only use each byte of the pad once in contrast to normal crypto where you use the key each time.
 

Offline mariush

  • Super Contributor
  • ***
  • Posts: 3959
  • Country: ro
  • .
Re: Why RAR compression still popular ?
« Reply #27 on: May 27, 2018, 02:45:03 am »
I understand the need for breaking up into pieces, but c'mon, people still using FTP ? I mean for the closed private group sharing ?

scene and piracy and stuff is closed - groups upload to servers they control and to which only few members have access.

What you see on torrents is stuff that gets spilled (leaked) to public - some of the people that gain an account on such private servers by donating money or hardware copy the data to other servers, create torrents and put the torrents on their torrent sites.

Quote
For distribution and downloading, I thought torrent (or it's many variants) now days are far more efficient and "relatively" more secured ? Talking about congesting your bandwidth & recovery, I thought manual FTP-ing multiple files even with concurrent sessions can't beat torrent ? CMIIW

Torrents work well for public distribution, because you make the data available and as soon as a person downloads a chunk from you, that person announces to the swarm that they can upload that chunk to other people and no there's two persons offering that chunk, so you're less overloaded and can serve other chunks to the swarm instead of sending same chunk to n people.  It saves bandwidth, and speeds up distribution.

But when a release is pushed by piracy groups, they more or less only care to push it to "scene server" and have their "release" registered and be credited for being the first with that release.

But the data is still split in chunks of up to 16 MB if i remember correctly, and each chunk is hashed with a relatively weak algorithm, and then there's communication between you and all the peers that want to download stuff from you which can use a bit of bandwidth.. so yeah, it has the benefit of recovery as once a checksum fails, the client downloads a subset of that chunk (up to 16 MB) and checks again, so unlike ftp it can correct data at any point.

anyway... ftp isn't that bad... and nowadays there's also sftp

Quote
What I don't understand is even in formal and legit distributions still using RAR ? How come ?  :-//

Tons examples out there, here a popular well known name, just see the Rigol's firmwares distribution using RAR ? WTF ?  :palm:

well, i would think  tar and tar.gz and tar.bz2 are too uncommon for Windows folks. 

I think in a while there were issues with zip in Linux just like there was controversy with GIF and patents and copyright but I don't think this is a reason for not liking zip... oh and nowadays there's also extensions which make zip not so compatible, just like rar5 archives ... anyway see : https://en.wikipedia.org/wiki/Zip_(file_format)#Strong_encryption_controversy

7zip is fairly new and while it's open source it still needs to be downloaded and installed and the interface is kinda ugly.

In contrast, rar has nice shareware application and they also offer free unrar library and source code (not open source but free to use) which can be used to legally offer decompression of rar archives in Linux and Windows (that's how 7zip and Total Commander (and other file managers) and Winace when it was popular and other compression software supported decompression of RAR archives)

RAR has benefits over regular zip, like solid compression and higher dictionaries which increase compression saving disk space and bandwidth.

7zip offers solid compression but i personally found it's more sensitive to corrupted data ... even with solid compression enabled, with rar archives i'm often able to unpack some files, while with 7zip one bit corrupted and no data can be recovered (if there's no error recovery data in the archive)

I do use 7zip and don't install Winrar nowadays simply because Total Commander has support for 7zip and rar and zip and others built in, so i can handle them without using programs. I use 7zip to create archives only.

For Rigol, it could also be a regional thing, maybe RAR is more popular in Asia ... maybe 7zip's localization is worse for Asian countries and that could be enough for people to not like it there.
« Last Edit: May 27, 2018, 02:49:40 am by mariush »
 

Offline Falkra

  • Regular Contributor
  • *
  • Posts: 189
  • Country: fr
Re: Why RAR compression still popular ?
« Reply #28 on: May 27, 2018, 08:32:17 am »
Recovery record (as said before) is a good point, and the solid archive method : it treats several or all files within the archive as one continuous data stream, which can be interesting with many small files (it's not recommended if you need to extract one single file though or update the archive frequently since the whole data stream has to be read/written).
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1184
  • Country: 00
    • One World Concepts
Re: Why RAR compression still popular ?
« Reply #29 on: May 27, 2018, 01:41:59 pm »
In fact, splitting files is very useful when sending a lot of data over.
I travel a lot and internet and wifi isn't always stable everywhere.
Splitting a file make a huge difference if something goes wrong.
Unfortunately the "resume" option when downloading bigger files doesn't always work.

For this reason it also works well for torrents, newgroups and all that kind of stuff.
"If you can't explain it simply (or at all), you don't understand it well enough." A. Einstein

http://www.oneworldconcepts.com/ | http://www.soundprojects.com
 

Offline marshallh

  • Supporter
  • ****
  • Posts: 1462
  • Country: us
    • retroactive
Re: Why RAR compression still popular ?
« Reply #30 on: May 27, 2018, 06:00:44 pm »
RAR has very good packing ratios, is quite fast with compression/decompression, and can be encrypted securely, along with recovery records to correct for media failures.
7zip has good compression ratios, but loses to RAR on the other things.
Verilog tips
BGA soldering intro

11:37 <@ktemkin> c4757p: marshall has transcended communications media
11:37 <@ktemkin> He speaks protocols directly.
 

Offline GlennSprigg

  • Frequent Contributor
  • **
  • Posts: 841
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: Why RAR compression still popular ?
« Reply #31 on: June 02, 2018, 12:10:33 pm »
Unless you're truly skilled and have a background in cryptology you really shouldn't roll your own cryptography for anything of importance. Encryption is tough to get right without leaking information or being susceptible to a multitude of attacks beyond brute force.

Encryption to me is like a real "Fire Safe", it is only safe for a certain temperature and time but eventually it will get hot inside.

Cryptography has been only a hobby for me for many years, not a profession.
But I have tried to crack some protected RAR files with no success, as long as the passphrase is long and complicated enough. Well, if a government powered brute force is used, I have no idea how long they would need on a RAR file?
 

I don't know anything about 'TAR-balls' etc, as everything I know about a 'Mac' I could write on the back of a matchbox !!   :)
'ZIP' files/handling is now 'built-in' to Windows, almost too MUCH so !!!.... It shows 'contents' of a Zip as though you are looking
at a normal Windows Folder/Tree/File/View...  (Try telling my 'missus' she is looking inside a Zip !!!  :P).

Encryption types obviously vary, between applications. There WAS a back-door that COULD be exploited for certain OLDER '.Rar'
files, that allowed cracking software to get under the hood & extract. However, that has now been corrected, and will NOT work
now unless you are working with an 'old' .rar compression/encryption.

.RAR files are TODAY, almost synonymous with 'pirating' sites, to simply "go against the 'man'", ie .Zip files !!! Simple as that.
I too have, (just for fun!), 'played' with every legal/illegal Tool known to humankind, to 'crack' certain encryptions, that go
way past the usual boring 'dictionary' attacks, (and I have Giga Bytes of Dictionaries/phrases beyond common thought!).
ALL need many computers taking many weeks or months for anything but the simplest of 'passwords'. (Obviously!).
However, there is ONE 'approach' that works every time for me, in a matter of 5 or 10 mins !!!!!!!....

.RAR (and all other types), of files TYPICALLY contain MANY files... (although not always).  And OFTEN... (let's say Pirates!),
have at least ONE 'file' that is often/always repeated, in inclusion with what ever else. This can take many forms, from a
200/500 byte 'speil' about their main site, and/or logos, or a common 'Thanks' to who ever.....   >:D
NOW, as long as you have an un-encrypted COPY of ONE of those common files, you are home & hosed.....

Because you NOW have something to COMPARE, the software I use will analyze the encrypted .RAR, against a KNOWN filename
and content, and will quickly find a 'KEY' to the encryption. This is NOT the 'password', but is a KEY that will allow, during
the 2nd pass, to re-write the original .Rar file but without ANY encryption....  5-10 mins max  :)

 

Online helius

  • Super Contributor
  • ***
  • Posts: 2997
  • Country: us
Re: Why RAR compression still popular ?
« Reply #32 on: June 02, 2018, 04:45:52 pm »
What you're describing is a known-plaintext attack. If the key can be derived from knowing the plaintext, the cipher scheme is actually weak and not strong. The ZIP encryption is like this (the ZIP archive format is such that encrypted files contain known plaintext based on their name and length).
 

Offline GlennSprigg

  • Frequent Contributor
  • **
  • Posts: 841
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: Why RAR compression still popular ?
« Reply #33 on: June 04, 2018, 01:03:00 pm »
Helius ....  Hi there. Yes I'm aware it is called a "plaintext" attack in decryption 'circles', but I was hesitant to mention
that, as some people get the wrong idea what is meant, behind the scenes, so I decided to 'partially' describe it.....

You did say that.......
"If the key can be derived from knowing the plaintext, the cipher scheme is actually weak and not strong"....

For those (not you!), not familiar with the numbers.... (and putting aside 'Dictionaries/phrases'), that a so-called
'Brute-Force' attack, (trying every possible combination of letter & numbers including case-sensitive letters), then
a relatively simple 4 or 5 character 'Password' like.... MuM2, or WiFe01 would literally take 5 or less seconds.
A 7 or 8 character 'password' like....  'JorDan22', or 'XyX911ab' may take between 6 hours and say 18 hours !!
(We are talking about fast computers, NOT just 'fast' in themselves, but the 'parsing/testing' for the 'file').
OBVIOUSLY, when you get into 'passwords' like.....   "MygraNNYisLOvelly010101" etc, you are now into MANY
weeks, not just days !!!!!!

So, back to my original point, (plaintext), I have orchestrated demo tests using 'such' individual files of known
name/content, along with numerous other files/directories, all encrypted into a single '.Rar' file, and have even
used a 'Password' like.....    This01Is02A03Long04PasswordBlaaBlaa   .....
And it STILL found the KEY (using that attack), in less than 30 mins !!!!!.....

I 'note' the multi-digit/character "KEY", and use it on the 2nd pass, (in a special mode now), and almost straight
away I have a copy of the original encrypted '.Rar' file, unencrypted.....

I'm only relaying what I have found..... (With THIS software)  8)
 

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: Why RAR compression still popular ?
« Reply #34 on: June 04, 2018, 05:07:39 pm »
I'm only relaying what I have found..... (With THIS software)  8)
What software is that if I may ask? :)
 

Offline GlennSprigg

  • Frequent Contributor
  • **
  • Posts: 841
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: Why RAR compression still popular ?
« Reply #35 on: June 06, 2018, 02:37:00 pm »
I'm only relaying what I have found..... (With THIS software)  8)
What software is that if I may ask? :)

I'm reluctant to mention, mate, as it's relative to a professional enterprise package designed for forensics & law-enforcement.
It works 50 to 100 times as fast as general commercial software, and much more powerful/diverse in functionality.... (PM me)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf