In this paper, we present several attacks on the WinRAR encryption method. These attacks are possible due to the subtlety in developing security software based on the integration of multiple cryptographic primitives. No matter how securely designed each primitive is, using them especially in association with other primitives does not guarantee secure systems. Instead, time and again such a practice has resulted in flawed systems. Our results, compared to recent attacks on WinZip, show that WinRAR appears to offer slightly better security features.