spacer Home spacer Valid HTML 4.01! spacer Dublin Core Used Here spacer Guestbook spacer PayPal Donate Nigel Pentland's downloads page

Current release is v1.1 dated 2008
(updated to handle lowercase characters)

This is a small DOS program which takes as input a RACF database and processes it in two passes to check for trivial passwords. It is similar to CRACF but does not reveal the weak password, it merely indicates the password as having been identified as weak. It does however include the facility for you to add your own dictionary of weak passwords by using WEAKDAT.

Pass 1 - base UserID information is identified and the UserIDs counter incremented for each.
Pass 2 - for each identified UserID it checks to see if the current password is either the UserID, the DFLTGRP or the UserID backwards. Remaining counter is decremented, and either hits or misses counter incremented for each. An output file (WEAKWORD.TXT) is generated with one line per UserID showing results.

Step 1 - submit JCL to copy structured RACF database into flat file

sample JCL
Step 2 - transfer from mainframe to PC as binary file.

Step 3 - compose a list of weak passwords to check against, e.g.
create password.txt with one password per line
Step 4 - run WEAKDAT to convert the list of passwords into
the format required by the WEAKWORD utility, .e.g.
weakdat password.txt
Step 5 - run WEAKWORD utility, e.g.

weakword flatfile.seq

Package containing WEAKDAT.EXE and WEAKWORD.EXE weak.exe (70k)

This page last updated: