From Wikipedia, the free encyclopedia
Screenshot of the Syskey utility on the Windows XP operating system requesting that the user enter a password

Syskey is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit RC4 encryption key. By default, the SYSKEY encryption key is hidden in the Windows registry, but Syskey can also be configured to require a startup password or external storage media (floppy disk, USB flash drive).

SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting information from it. However, the feature is misused by phone line scammers and other criminals to lock the computers of naïve victims.

Early vulnerability

In December 1999, a security team from BindView found a security hole in Syskey indicating that a certain form of offline cryptanalytic attack was possible, which made a brute-force attack appear feasible.

Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the 'Syskey Bug'), which appears to have been settled; Syskey was pronounced secure enough to resist brute-force attack.

According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.

Malicious use

In what has been called the technical support scam, criminals phone unsophisticated computer users, most of whom use Microsoft Windows, and persuade the victim to allow the criminal to control the computer remotely, often by claiming that the computer needs software maintenance, which the caller will provide on payment by credit card. In many cases, the SYSKEY program is used to lock the computer by setting a SYSKEY startup password, either to extort a payment to unlock it or as a malicious act towards a victim who does not pay.[1] There are several ways to recover from this:

  1. Revert to a previous System Restore Point.
  2. Use the free Offline NT Password & Registry Editor by following these instructions.
  3. Use commercial software to help retrieve the SYSKEY startup password.
