Winrar and Winzip Password Recovery, is it possible?

Posted by absnet on 27 November 2009

Someone asked me whether it is possible to use password recovery software to brute-force a WinZip or WinRAR password. It sounds promising when you search the net and find software that promises it is "able to recover your lost password". You download the software, install it on your computer, and let it work. But when you see the estimated time to guess the password, you put that file aside.


Zip passwords (WinZip, WinRAR, 7-Zip, etc.) use an encryption procedure, namely AES (Advanced Encryption Standard). Newer versions of WinZip offer a choice of several strengths (bit length; the longer, the stronger): AES-128, AES-192 and AES-256.
The weakness of WinZip AES encryption is that it is “symmetric” encryption, which means it uses a single private password to encrypt and decrypt the Zip archive. The complexity and strength of the password is therefore “the” protection as well as the weak point.


One of the password-breaking attacks is a dictionary attack, which, as it sounds, tries regular words found in the dictionary as well as commonly used passwords. The cracker (the bad guy) usually has his own database of commonly used and known passwords, so passwords like “Pa55word” are extremely weak and just don’t cut it. Dictionaries of words are easily available for free on the Internet; these include dictionaries of specialist words, foreign languages, technical jargon, place names, first names etc.

Another attack on WinZip passwords is a “brute force” attack; this attack tries every single combination of characters possible, e.g. aaaa to zzzz.

A brute-force attack can now recover a password about 6 characters long in about 2 hours on a general PC. The time increases by about 12-fold as the password gets longer. Brute-forcing a 7-digit password takes several days, and it would take a couple of months to crack an 8-digit password on a not-so-powerful home computer.

The main factor to consider with a brute-force attack is the processing power (the speed) of the computer trying the combinations. So, if your computer is not so powerful, and you’re sure that your password is longer than 8 digits, please forget that file.

A hybrid attack is a mixture of a brute-force attack and a dictionary attack. There are many different ways a hybrid attack can be performed. In its simplest form, a hybrid attack may simply add a couple of numbers to the end of each dictionary word tried; this increases the number of tested combinations without having to resort to a true brute-force attack. Cracking software will often use a combination or selection of all three methods to try to guess your password.
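To judge how well a password you are about to choose would hold up against the three methods above, the following added example (not from the original post) estimates the worst-case number of guesses under each method and reports the cheapest. The wordlist is a constructed sample, and the guess rate is an assumption calibrated from the post's "6 characters in about 2 hours" figure with a lowercase-only alphabet.

```python
import string

# Assumption: guess rate calibrated from the article's "6 characters in about
# 2 hours" figure, taking a lowercase-only alphabet (26**6 candidates).
GUESSES_PER_SEC = 26**6 / (2 * 3600)

# Constructed sample wordlist standing in for a real password dictionary.
WORDLIST = ["password", "dragon", "letmein", "monkey", "pa55word"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(pw):
    """Combined size of the ASCII character classes that appear in pw."""
    return sum(len(c) for c in CLASSES if set(pw) & set(c))

def brute_force_guesses(pw):
    """Worst case: every string of length 1..len(pw) over pw's alphabet."""
    n = charset_size(pw)
    return sum(n**k for k in range(1, len(pw) + 1))

def dictionary_guesses(pw, words=WORDLIST):
    """1-based position in the wordlist, or None if the word is not listed."""
    return words.index(pw.lower()) + 1 if pw.lower() in words else None

def hybrid_guesses(pw, words=WORDLIST, max_digits=2):
    """Worst case for 'dictionary word + 1..max_digits trailing digits'."""
    stem = pw.rstrip(string.digits)
    n_digits = len(pw) - len(stem)
    if stem.lower() not in words or not 0 < n_digits <= max_digits:
        return None
    return len(words) * sum(10**k for k in range(1, max_digits + 1))

def audit(pw):
    """Return (cheapest attack, guesses, seconds at the assumed rate)."""
    costs = {"dictionary": dictionary_guesses(pw),
             "hybrid": hybrid_guesses(pw),
             "brute force": brute_force_guesses(pw)}
    method, guesses = min(((m, g) for m, g in costs.items() if g is not None),
                          key=lambda item: item[1])
    return method, guesses, guesses / GUESSES_PER_SEC

if __name__ == "__main__":
    for pw in ["Pa55word", "dragon42", "zzzzzz", "qwfpgjlu", "T7#mq!Zx2v"]:
        method, guesses, secs = audit(pw)
        print(f"{pw:12} {method:12} {guesses:>22,} guesses {secs / 86400:14.2f} days")
```

A password that falls to the dictionary or hybrid estimate is weak no matter how long it is; only the brute-force figure grows with length and alphabet size.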


