Message-ID: <20120312164053.GA30558@openwall.com>
Date: Mon, 12 Mar 2012 20:40:53 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking RACF passwords
On Mon, Mar 12, 2012 at 03:45:11PM +0100, Andres Ederra wrote:
> I just want to encourage you about creating racf support for john.
> 
> You are not alone with the effort, I am also very interested... maybe
> and only maybe I could get some company resources to work on that
> too...
Sounds great.
> Anyway as far as I have investigated the issue the problem is to learn
> the RACF algorithm, coding it as a john module it's a no-issue.
Right.  If you (or someone else) can post some sample hashes (for one or
both of the RACF hash types - "DES-encrypted" and "hashed") along with
the corresponding plaintext passwords, that might be all we need to
figure out the algorithm.
Update: oh, I've just read Main Framed's posting.  Looks like we do have
some samples, but figuring the algorithm out is not so trivial.
> I'm afraid that the people who know that info may be retired (or
> dead...) and IBM is not going to collaborate that much (I would want
> to be wrong but...)
> 
> There is always the possibility to reverse-engineer the cracf.exe and
> weakword.exe but that is a costly and painful road... (btw, afaik,
> that is completely legal for interoperability, which is the exact
> case, at least in Europe or at least in my country... ).
We primarily need interoperability with IBM's software rather than with
other RACF crackers, so it might be a safer bet to reverse-engineer that
(although it may be more difficult to do).
> In any case I haven't found the resources to properly investigate the
> issue... but it looks like Tierry Falissard's work is promising (even if
> you have to jump through some loops to access its web and
> downloads...)
Oh, the http://www.os390-mvs.freesurf.fr/ichdex01.htm URL was working
when I posted it before.  Do we have to use archive.org now?
> Has anyone checked this source code? http://pastebin.com/g2tVcEww I
> know nothing about os-390 asm ... does it rely on a racf library? or
> we can learn something about the algorithm from it?
I had not seen this piece of code before.  Where did you get it?
Yes, I think it makes a library call:
         CALL  MGCRYPT,(PARAM,ZONE,WORK),VL
So it's only useful to us in that it gives us this function name to
search for.  A Google web search for MGCRYPT and RACF does not give any
additional relevant hits.
Alexander