Syskey is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit RC4 encryption key. By default, the SYSKEY encryption key is hidden in the Windows registry, but Syskey can also be configured to require a startup password or an external storage device (floppy disk, USB flash drive).
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting information from it. However, the feature is misused by phone line scammers and other criminals to lock the computers of naïve victims.
In December 1999, a security team from BindView found a security hole in Syskey indicating that a certain form of offline cryptanalytic attack was possible, which made a brute force attack appear feasible.
Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the 'Syskey Bug'), which appears to have been settled; Syskey was pronounced secure enough to resist brute force attack.
According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
In what has been called the technical support scam, criminals phone unsophisticated computer users, most of whom use Microsoft Windows, and persuade the victim to allow the criminal to remotely control the computer, often trying to persuade the user that the computer is in need of software maintenance which the caller will provide on payment by credit card. In many cases, the SYSKEY program is used to lock the computer by setting up the SYSKEY startup password, either to extort a payment to unlock it, or as a malicious act towards a victim who does not pay. There are several ways to recover from this.
- Revert to a previous System Restore Point.
- Use the free Offline NT Password & Registry Editor by following these instructions.
- Use commercial software to help retrieve the SYSKEY startup password.
- This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.
- How to use the SysKey utility to secure the Windows Security Accounts Manager database
- Enable Syskey To Protect Windows Against Local Password Cracking