This program (Advanced RAR Password Recovery, or simply ARPR) can be used to recover the lost password for a RAR archive. At the moment, there is no known method to extract the password from the compressed file; so the only available methods are “brute force” and dictionary-based attacks. Here is a brief list of ARPR’s advantages:
· ARPR has a convenient and easy to use user interface;
· ARPR works with one protected file at a time (multiple uses of ARPR is possible);
· all compression methods are supported;
· self-extracting archives are supported;
· you can select the custom character set for “brute-force” attack (non-English characters are supported);
· you can interrupt the program at any time. Resuming is supported;
· ARPR can work in the background, using the CPU only when it is in an idle state;
· ARPR can utilise either a customizable “brute-force” approach, or an effective dictionary-based approach. The different approaches can be used for all RAR types and compression methods using AES (Rijndael) 128-bit encryption, e.g., set the password length (range) of the character set used to generate the passwords, and many other options;
· A multilingual interface is provided.
Please note that WinRAR has incorporated AES (using the Rijndael algorithm) encryption since V2.9. The security of your data depends not only on the strength of the encryption method, but also on the strength of your password, e.g., length and composition of the password(s). In general, longer passwords are more secure than shorter ones. Passwords that contain a mixture of letters (upper and lower case), digits, punctuation, spaces, and symbols require a “brute-force” retrieval approach, using all printable characters – an extremely CPU intensive, time consuming process.
A user using AES encryption has the highest probability of success against password retrieval programs. This also means that valuable data will be lost indefinitely if the password is forgotten etc. ElcomSoft’s password retrieval programs have a place for legitimate users who lose their password(s), but processing power and current algorithms mean, that high encryption and short complex password(s) may be more appropriate if you wish to have any chance of retrieving the password(s) to your valuable data.
ARPR’s algorithm, although very effective, is under constant development. Even when using the most powerful optimising password retrieval system it is only possible to test no more than a few thousand passwords each second. Therefore, a “brute-force” attack is effective for files protected with short passwords of up to 5 or 6 characters. The greater the password length beyond 6 printable characters the more infeasible it will be that the password will be retrieved. A dictionary-attack will be your only option and if this is unsuccessful then your valuable data will be lost indefinitely.