Jose Munoz wrote: >Someone can comment on it, I received an email from an Open System college >arguing that mainframe is very weak...please help me to answer it:
I'm not surprised. As a RACF person, I sometimes receive e-mails from spammers and wannabe crackers trying to 'advise me' on a lot of things. ;-) >oclHashcat v1.20 support added to crack RACF (IBM mainframe) hashes with 1 >Billion (Giga) Hashes/second on a single stock clocked hd6990 graphics card How did they tested it? Obtained a real copy of RACF DB and do your cracking? >I didn't expect IBM's Mainframe password hashing to be so weak :( It may be, in fact over the years, there are 'cracking' tools available to do a brute force attack. Pick one and do your crack. But as others said, you have first to obtain a copy of the RACF db somehow and then do your attack. And then there is that 3 strike rule too. A competent network person will trap your IP address if you try to attack a live system and block you out. It has been done and we have procedures to do that. >If you don't know what's oclHashcat, it's a program that cracks password >hashes using graphics cards (GPUs). The link above shows how many algorithms >are supported and a sample of the speed that some are cracked at depending on >the GPU setup. It only tells me one thing - cracking is a serious business for years long. Is it a legal White Hat test or some nefarious underground group trying to 'test out' systems (including z/OS) for fun/scientific reason/criminal reason? I'm more concerned about INSIDERS trying to do 'strange' transactions. BTW, Radoslaw said IBM announced a new password encryption algorithm. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
