Syskey is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit RC4 encryption key. Access to a computer so protected requires a password, either typed in or supplied via external storage (floppy disk, USB flash drive).
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting information from it. However, the feature is misused by phone line scammers and other criminals to lock the computers of naïve victims.
In December 1999, a security team from BindView found a security hole in Syskey indicating that a certain form of cryptanalytic attack is possible offline, making a brute force attack appear to be possible.
Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the 'Syskey Bug'), which appears to have been settled; Syskey was pronounced secure enough to resist brute force attack.
According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
In what has been called the technical support scam, criminals phone unsophisticated computer users, most of whom use Windows, and persuade the victim to allow the criminal to remotely control the computer. The caller often tries to persuade the user that the computer is in need of software maintenance, which the caller will provide on payment by credit card. In many cases the syskey program is used to lock the computer, either to extort a payment to unlock it, or as a malicious act towards a victim who does not pay. If an unencrypted SAM cannot be found, the computer cannot be unlocked, although files can be retrieved by booting from a CD.
- This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.