A rainbow table is an optimization for inverting hash functions: finding a password when all you have is its hash. Although this is not absolutely necessary here, I recommend reading "What are rainbow tables and how are they used?", which has a very good explanation that clears up several common misconceptions.
There are two parts to RAR encryption (or to almost anything that uses a password to encrypt some data). First, the encryption key is derived from the password using a key derivation function (KDF). The encryption key is then used to encrypt or decrypt the data.
, . WinRAR KDF (PBKDF2), .
A KDF converts a variable-length string to a fixed-size key. A key property of a KDF is that it must map distinct input strings to distinct keys. A cryptographic hash function (SHA-1, SHA-256, ...) achieves this. When the input string is a human-provided password, there are two other important properties that a hash function does not achieve on its own:
- If two people choose the same password, they should not have the same key.
- The KDF must be slow to compute, so that an attacker cannot find the password by brute force.
A salt achieves the first property. The second property is achieved by doing something like this: take the password, append the salt, hash the lot; take this hash, append the salt, hash the lot; repeat many times.
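The salt-and-repeat construction described above, as an added Python example that is not part of the original text. The names `iterated_salted_hash`, `pbkdf2_key` and `precomputed_table` are hypothetical, the password is a constructed sample, and the table is a plain lookup dictionary standing in for any precomputed hash-to-password table, not a real chained rainbow table.

```python
import hashlib
import os

def iterated_salted_hash(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Toy KDF exactly as described above (illustration, not for production)."""
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    digest = hashlib.sha256(password + salt).digest()    # password + salt, hash the lot
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest + salt).digest()  # hash + salt, hash the lot
    return digest

def pbkdf2_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """The standardized form of the same idea: PBKDF2-HMAC-SHA256, 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def precomputed_table(candidates):
    """Unsalted, single-round table (hash -> password), built once and reused."""
    return {hashlib.sha256(c).digest(): c for c in candidates}

def demo():
    password = b"correct horse"                  # constructed sample password
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    table = precomputed_table([b"123456", password])
    unsalted = hashlib.sha256(password).digest()
    key_a = iterated_salted_hash(password, salt_a, 10_000)
    key_b = iterated_salted_hash(password, salt_b, 10_000)
    return {
        # A bare hash is found by a single lookup in the precomputed table.
        "unsalted_hash_in_table": unsalted in table,
        # The salted, iterated key is not in a table built without the salt.
        "salted_key_in_table": key_a in table,
        # Same password, different salts: the two users get different keys.
        "same_password_same_key": key_a == key_b,
        "pbkdf2_differs_by_salt": pbkdf2_key(password, salt_a, 10_000)
                                  != pbkdf2_key(password, salt_b, 10_000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

For real key derivation use a standard KDF such as `hashlib.pbkdf2_hmac` with a random per-password salt rather than the toy loop.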