摘要:In various versions of WINRAR, the file security is mainly protected by user authentication and files encryption. Password based key derivation function (PBKDF) is the core of the WINRAR security mechanism. In this paper, the security of PBKDF algorithm and the encrypted file in WINRAR are analyzed by the Game-Playing approach. We show the upper boundary of the Adversary’s Advantage over the random function. With the theoretical derivation, the actual safety of the WINRAR encrypted files has been discussed. According to the latest developments for GPU-based exhaustive password search attacks, we do some experiments and draw a conclusion that if the length of password is longer than 6, the WINRAR and later versions are secure.
关键词:Message Authentication Code;Key Derivation Functions;Provable Security;Adversary’s Advantage;Random Oracle Model
