newbie here. so consider this paradox: let's say you have a pass protected rar file. now the password should be stored somewhere in the file to compare against the inputted password. so if it's there how come you cant just extract it?
1. The RAR file format (not compression algorithm) has official documentation
2. There are two opensource (not really "free", you RMS-obsessed neckbreads) implementations able to extract all versions of the format, including any combination of solid archiving and encryption
3. The defaults of all shipping RAR versions (there's only one RAR compressor) have been not solid and not encrypt headers ("file names" in UI and docs). Anything else has been explicitly specified by the user
The UnRAR source is fucking trivial to read, it took me literally 10 minutes to figure out the main compression algorithm, plus another 5 for the VM stuff. If you can't answer "why is 2040:1 the maximum compression ratio for the LZH backed" after looking at it for 5 minutes, well, you just suck. The PPMD backed I haven't really looked into. The actual container format is dead easy, I'm not answering your kindergarten questions.