


RAR files store an encrypted header containing file names and CRC32 checksums. Crucially, the CRC32 of the unencrypted data is stored outside the encrypted payload for verification. This provides an "oracle": if a decryption attempt produces a checksum that matches the stored plaintext CRC, the password is almost certainly correct. This oracle allows crark to verify a password in microseconds without decompressing the entire archive.
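The oracle described above, as an added example that is not from the original page or from crark: a constructed toy container (not the RAR format) keeps the plaintext CRC32 in the clear, so any candidate password can be checked by decrypting and comparing checksums. The HMAC-based stream cipher, the use of PBKDF2 and all function names are assumptions made for illustration; the timing helper shows that the key-derivation iteration count sets the cost of each check.

```python
import hashlib, hmac, os, time, zlib

def keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); a stand-in, not RAR's cipher.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_crypt(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 is an assumption here; it sets the cost of every single check.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def seal(password: str, plaintext: bytes, iterations: int = 50_000) -> dict:
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "ciphertext": xor_crypt(plaintext, derive_key(password, salt, iterations)),
        "plain_crc32": zlib.crc32(plaintext),  # kept in the clear: this is the oracle
    }

def password_matches(box: dict, candidate: str) -> bool:
    # Decrypt with the candidate key, then compare against the stored plaintext CRC.
    key = derive_key(candidate, box["salt"], box["iterations"])
    return zlib.crc32(xor_crypt(box["ciphertext"], key)) == box["plain_crc32"]

def seconds_per_check(box: dict, candidate: str) -> float:
    start = time.perf_counter()
    password_matches(box, candidate)
    return time.perf_counter() - start

# A wrong key yields pseudo-random bytes, so it passes a 32-bit check by chance
# with probability 2**-32 ("almost certainly correct", not "certainly").
FALSE_ACCEPT_PROBABILITY = 2.0 ** -32

if __name__ == "__main__":
    sample = b"constructed sample file contents" * 4  # constructed input
    for iters in (1_000, 200_000):
        box = seal("correct horse battery staple", sample, iters)
        print(iters, password_matches(box, "correct horse battery staple"),
              password_matches(box, "password123"),
              f"{seconds_per_check(box, 'password123'):.4f}s per check")
```

The checksum comparison itself is nearly free; the time per check is dominated by key derivation, which is why the iteration count and the strength of the password determine how long a weak key survives.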
In the end, crark is a mirror for the user: it reminds us that the strongest encryption is often undone not by a mathematical breakthrough, but by a password that is password123. The lock is strong; the key is weak. Crark simply turns that key, over and over, hoping one fits.