Can I 100% trust the PBKDF2(HMAC-SHA256) AES-256 CBC encryption algorithm for file encryption purposes or not, and why? (Winrar)


I am not an expert in cryptography and therefore I would like to address this problem to people who have been working on this topic for a long time and thus verify the facts from several sources.

I use Winrar for file encryption because it is most suitable for me, it's fast and I'm already skillful with this program. I am using an up-to-date version of Winrar which uses the PBKDF2(HMAC-SHA256) AES-256 CBC algorithm.

BTW, in this link they say that the number of PBKDF2 iterations is optional 2^15 (default) 2^24 (maximum); however, I did not find any command to set this parameter, and other sources say that the number of iterations varies depending on the version used. Extracting a WinRAR password?

For comparison, here is a link to a password cracking benchmark using a commercial tool.

Can I 100% trust the PBKDF2(HMAC-SHA256) AES-256 CBC encryption algorithm for this purpose or not, and why?


Here are some links I would recommend, it might be helpful:

I would also recommend reading related information on Wikipedia:

WinRAR, PBKDF2, Advanced Encryption Standard, Block cipher mode of operation, Cipher block chaining (CBC), Rainbow table, Linear cryptanalysis, Partitioning cryptanalysis, Differential cryptanalysis, Substitution permutation network, Chosen plaintext attack, Chosen ciphertext attack, Rijndael_S-box, S-box

kelalaka
Trust against who? Why do you recommend us to read instead of telling your actual problem? We already know AES-256 will be secure unless your keys are not uniform. Do you want the data on the rest? What about the residual files on your disk before encrypted? What about your badly chosen password? Why don't you use VeraCrypt?
Maarten Bodewes
A small comment: code review or complete system review is not on topic on this site and the given answers may (and currently do) reflect that.

Can I 100% trust the PBKDF2(HMAC-SHA256) AES-256 CBC encryption algorithm for this purpose or not, and why?

There is no such thing as 100% security. We don't know if the AES algorithm can be broken, for instance. Also, if you lose the password then the "availability" part of the security triangle is lost. CBC doesn't provide integrity protection, although I presume the encrypted RAR archive by itself may provide some of that.

For in-place encryption that is not system-dependent, I would strongly recommend public key-based encryption where you secure the private key encrypted with a password. You can then use the public key to encrypt without providing any password. A disadvantage against this is that classical encryption algorithms (RSA, IES) are not secure against attacks from a fully-fledged quantum computer.

Many passwords have limited entropy, and PBKDF2 only allows a constant slowdown per password try. If you are going for password-based encryption then please make sure that the password is strong. Preferably use a strong password generated by and stored in a password manager application.


PBKDF2-HMAC-SHA256 is not a recommendable† key/password stretching algorithm, especially with only 2^15 rounds. Problem is, it's too fast and resource-light to optimally slow down a password search for a powerful adversary (using GPUs, FPGAs, or ASICs).

It would be significantly safer to use a modern key-stretching algorithm like Argon2 at its industry standard parameterization. And, if that's not possible (e.g. because one wants to use WinRAR as is), it's advisable to increase‡ the PBKDF2 iteration count: the difficulty of password search grows about linearly with that. It's thus about 2^9 > 500 times harder to crack a password with 2^24 rounds than it is with 2^15 rounds.

However, poor password stretching is only a problem for poor passwords. For a large random password (e.g. 25 characters chosen independently at random among 64), that's a non-issue, and PBKDF2-HMAC-SHA256 with 2^15 rounds or more is ample.

AES-256 CBC encryption is solid from the standpoint of ensuring confidentiality, and that's more likely not going to be a weak point.

If there's a weak point beyond the password and its stretching, it's going to be a flaw (deliberate or accidental) in the implementation of WinRAR. Determining if there is one would be hard, and is off-topic.

† NIST is thus consistent when it is still endorsing PBKDF2-HMAC-SHA256, after actively lobbying for Dual EC DRBG (just as the NSA made DES keys 56-bit).

‡ The WinRAR 5 file format specification states there's a 1-byte KDF count specifying the base-2 logarithm of the number of PBKDF2 rounds (if the question is right, that would be 15=0x0F to 24=0x18). How to coerce WinRAR into increasing that is unclear to me (it's possible that the value depends on the version of Winrar, or/and licensing terms/country).
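
The trade-off between iteration count and password entropy discussed in the answer above, as an added example that is not part of the original answers and is not WinRAR's code. It derives a 256-bit key with PBKDF2-HMAC-SHA256 from Python's `hashlib` and compares exhaustive-search cost at 2^15 and 2^24 iterations; the attacker rate, the sample passwords and the all-zero salt are assumptions constructed for illustration.

```python
import hashlib
import math

# Hypothetical attacker throughput in PBKDF2 iterations per second (an assumed
# figure for illustration, not a benchmark of any real hardware or tool).
ASSUMED_ITERATIONS_PER_SECOND = 1e12


def derive_key(password: str, salt: bytes, log2_count: int) -> bytes:
    """Derive a 256-bit key with PBKDF2-HMAC-SHA256 using 2**log2_count iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               1 << log2_count, dklen=32)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are chosen independently and uniformly."""
    return length * math.log2(alphabet_size)


def search_cost_bits(entropy_bits: float, log2_count: int) -> float:
    """log2 of the PBKDF2 iterations needed to try every candidate password."""
    return entropy_bits + log2_count


def seconds_to_exhaust(entropy_bits: float, log2_count: int,
                       rate: float = ASSUMED_ITERATIONS_PER_SECOND) -> float:
    """Time to try the whole password space at the assumed iteration rate."""
    return 2.0 ** search_cost_bits(entropy_bits, log2_count) / rate


if __name__ == "__main__":
    salt = bytes(16)  # constructed all-zero salt, for a reproducible demo only
    print("key:", derive_key("constructed sample password", salt, 15).hex())
    cases = [("8 lowercase letters", password_entropy_bits(8, 26)),
             ("25 chars from 64", password_entropy_bits(25, 64))]
    for label, bits in cases:
        for log2_count in (15, 24):
            years = seconds_to_exhaust(bits, log2_count) / (365.25 * 24 * 3600)
            print(f"{label:20s} {bits:6.1f} bits, 2^{log2_count} rounds: "
                  f"{years:.3g} years to exhaust")
```

Raising the count from 2^15 to 2^24 adds 9 bits of work in every row, while moving from the short password to the 150-bit one adds over 110 bits, which is why the answer calls the iteration count a non-issue for a large random password.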

