Syskey

From Wikipedia, the free encyclopedia
Screenshot of the Syskey utility on the Windows XP operating system, requesting that the user enter a password

The SAM Lock Tool, better known as Syskey (the name of its executable file), is a discontinued component of Microsoft Windows that encrypted the Security Account Manager (SAM) database using a 128-bit RC4 encryption key.[1]

History

First introduced with Windows NT 4.0 SP3,[2] Syskey was intended to protect against offline password cracking attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.[2]

Syskey could optionally be configured to require the user to enter the key during boot (as a startup password) or load the key onto removable storage media (e.g., a floppy disk or USB flash drive).[3]

Security issues

The "Syskey Bug"

In December 1999, a security team from BindView found a security hole in Syskey indicating that a certain form of offline cryptanalytic attack was possible, which made a brute-force attack appear to be possible.[2]

Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").[4] The bug affected both Windows NT 4.0 and pre-RC3 versions of Windows 2000.[2]

Use as ransomware

Syskey is commonly abused by "tech support" scammers to lock victims out of their own computers, in order to coerce them into paying a ransom.[5][6][7]

Deprecation and removal

Syskey was removed from all Microsoft operating systems as of the Windows 10 Fall Creators Update and Windows Server "RS3", due to its weak cryptography and ransomware risks, with Microsoft terming it a "non-secure security feature".[8] Microsoft recommends BitLocker as a replacement.[9]
