Syskey

From Wikipedia, the free encyclopedia
Screenshot of the Syskey utility on the Windows XP operating system prompting the user to enter a password

Syskey is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit RC4 encryption key. Access to a computer so protected requires a password, either typed in or supplied via external storage (floppy disk, USB flash drive).

SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting information from it.

The feature is misused by criminals to lock the computers of naïve victims.

Early vulnerability

In December 1999 a security team from BindView found a security hole in Syskey indicating that a certain form of cryptanalytic attack was possible offline, which made a brute force attack appear to be possible.

Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the 'Syskey Bug'), which appears to have been settled; Syskey was pronounced secure enough to resist brute force attack.

According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.

Malicious use

In what has been called the technical support scam, criminals phone unsophisticated computer users, most of whom use Windows, and persuade them to allow the criminal to remotely control the computer, often by claiming that the computer is in need of software maintenance which the caller will provide on payment by credit card. In many cases the syskey program is used to lock the computer, either to extort a payment to unlock it, or as a malicious act towards a victim who does not pay.[1] If an unencrypted SAM cannot be found, the computer cannot be unlocked, although files can be retrieved by booting from a CD.
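
Detection logic for the abuse described above, added here as an example and not taken from the article: it scans process-creation records (field names as in Windows Security event 4688) for syskey.exe launches and raises the severity when a remote-control tool started on the same computer shortly before. The event records are constructed, and the tool name, computer names and 60-minute window are assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

REMOTE_TOOLS = {"remote_support_tool.exe"}  # hypothetical placeholder name
WINDOW = timedelta(minutes=60)              # assumed correlation window

# Constructed sample: process-creation events (4688 fields), already parsed.
SAMPLE_EVENTS = [
    {"TimeCreated": "2015-03-02T14:01:10", "Computer": "HOME-PC", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Users\alice\Downloads\Remote_Support_Tool.exe"},
    {"TimeCreated": "2015-03-02T14:19:45", "Computer": "HOME-PC", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\syskey.exe"},
    {"TimeCreated": "2015-03-03T09:00:00", "Computer": "OFFICE-PC", "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\SYSKEY.EXE"},
    {"TimeCreated": "2015-03-03T09:05:00", "Computer": "OFFICE-PC", "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
]

def find_syskey_launches(events, remote_tools=REMOTE_TOOLS, window=WINDOW):
    """Return one alert per syskey.exe launch: 'high' if a remote-control tool
    started on the same computer within `window` beforehand, else 'medium'."""
    last_remote = {}  # computer -> (time, image path) of latest remote-tool start
    alerts = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        when = datetime.fromisoformat(ev["TimeCreated"])
        image = basename(ev["NewProcessName"]).lower()  # case-insensitive match
        host = ev["Computer"]
        if image in remote_tools:
            last_remote[host] = (when, ev["NewProcessName"])
        elif image == "syskey.exe":
            seen = last_remote.get(host)
            correlated = seen is not None and when - seen[0] <= window
            alerts.append({
                "time": ev["TimeCreated"],
                "computer": host,
                "user": ev["SubjectUserName"],
                "severity": "high" if correlated else "medium",
                "remote_tool": seen[1] if correlated else None,
            })
    return alerts

if __name__ == "__main__":
    for alert in find_syskey_launches(SAMPLE_EVENTS):
        print(alert)
```

Correlation is keyed on the computer rather than the logon session because an elevated syskey.exe can be recorded under a different logon ID than the tool that preceded it.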
