Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Mar 2012 20:40:53 +0400
From: Solar Designer <>
Subject: Re: Cracking RACF passwords

On Mon, Mar 12, 2012 at 03:45:11PM +0100, Andres Ederra wrote:
> I just want to encourage you about creating racf support for john.
> You are not alone with the effort, I am also very interested... maybe
> and only maybe I could get some company resources to work on that
> too...

Sounds great.

> Anyway as far as I have investigated the issue the problem is to learn
> the RACF algorithm, coding it as a john module its a no-issue.

Right.  If you (or someone else) can post some sample hashes (for one or
both of the RACF hash types - "DES-encrypted" and "hashed") along with
the corresponding plaintext passwords, that might be all we need to
figure out the algorithm.

Update: oh, I've just read Main Framed's posting.  Looks like we do have
some samples, but figuring the algorithm out is not so trivial.

> I'm afraid that the people who know that info maybe retired (or
> dead...) and IBM is not going to collaborate that much (I would want
> to be wrong but...)
> There is always the possibility to reverse-engineer the cracf.exe and
> weakword.exe but that is a costly and painful road... (btw, afaik,
> that is completely legal for interoperability, with its the exact
> case, at least in Europe or at least in my country... ).

We primarily need interoperability with IBM's software rather than with
other RACF crackers, so it might be a safer bet to reverse-engineer that
(although it may be more difficult to do).

> In any case I haven't find the resources to properly investigate the
> issue... but it looks like Tierry Falissard work is promising (even if
> you have to jump through some loops to access its web and
> downloads...)

Oh, the URL was working
when I posted it before.  Do we have to use now?

> Have anyone checked this source code? I
> know nothing about os-390 asm ... does it rely on a racf library? or
> we can learn something about the algorithm from it?

I had not seen this piece of code before.  Where did you get it?

Yes, I think it makes a library call:


So it's only useful to us in that it gives us this function name to
search for.  A Google web search for MGCRYPT and RACF does not give any
additional relevant hits.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.