Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Mar 2012 15:45:11 +0100
From: Andres Ederra <>
Subject: Re: Cracking RACF passwords

Hi Alexander (and all),

I just want to encourage you about creating racf support for john.

You are not alone with the effort, I am also very interested... maybe
and only maybe I could get some company resources to work on that

Anyway as far as I have investigated the issue the problem is to learn
the RACF algorithm, coding it as a john module its a no-issue.

I'm afraid that the people who know that info maybe retired (or
dead...) and IBM is not going to collaborate that much (I would want
to be wrong but...)

There is always the possibility to reverse-engineer the cracf.exe and
weakword.exe but that is a costly and painful road... (btw, afaik,
that is completely legal for interoperability, with its the exact
case, at least in Europe or at least in my country... ).

In any case I haven't find the resources to properly investigate the
issue... but it looks like Tierry Falissard work is promising (even if
you have to jump through some loops to access its web and

Have anyone checked this source code? I
know nothing about os-390 asm ... does it rely on a racf library? or
we can learn something about the algorithm from it?

Best regards


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.