https://en.wikipedia.org/wiki/John_the_Ripper
There is a downloadable plugin for RACF -- old RACF hashing only, I *think*. @R.S. writes > 1. Do not give your RACF db to hackers. Never. No one "gives" their RACF DB to anyone (I would hope). The problem -- and everyone reading this who is not sure about their RACF DB should go check right now -- is UACC or USERID(*) READ access to the RACF DB *or its backup*. If I can download your RACF DB and attack it off-platform I can defeat any "revoke the userid after 'n' tries" that you have in place. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tom Brennan Sent: Monday, January 11, 2021 6:40 AM To: [email protected] Subject: Re: Code to verify LOGON password Isn't there a program someone wrote (talked about here many years ago) that can try various passwords until something matches the hashed value? If that's the case, hashing doesn't really do as much good as people think it does, once someone gets hold of the RACF dataset of course. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
