Syskey

Screenshot of the Syskey utility on the Windows XP operating system requesting for the user to enter a password

The SAM Lock Tool, better known as Syskey (the name of its executable file) is a discontinued component of Windows NT that encrypts the Security Account Manager (SAM) database using a 128-bit RC4 encryption key.^[1]

First introduced on Windows NT 4.0 SP3, it was removed on Windows 10 and Windows Server 2016 release 1709, due to its use of cryptography considered insecure by modern standards, and its use as part of scams as a form of ransomware. Microsoft officially recommended use of BitLocker disk encryption as an alternative.^[2]^[3]

History

First introduced with Windows NT 4.0 SP3,^[4] Syskey was intended to protect against offline password cracking attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.^[4]

Syskey can optionally be configured to require the user to enter the key during boot (as a startup password) or load the key onto removable storage media (e.g., a floppy disk or USB flash drive).^[5]

Security issues

The "Syskey Bug"

In December 1999, a security team from BindView found a security hole in Syskey that indicated that a certain form of offline cryptanalytic attack is possible, making a brute force attack appear to be possible.^[4]

Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").^[6] The bug affected both Windows NT 4.0 and pre-RC3 versions of Windows 2000.^[4]

Use as ransomware

Syskey is commonly abused by "tech support" scammers to lock victims out of their own computers, in order to coerce them into paying a ransom.^[7]^[8]

References

↑ "Enable Syskey To Protect Windows From Password Cracking". Technig. 2015-04-06. Retrieved 2018-02-04.
↑ "Features that are removed or deprecated in Windows 10 Fall Creators Update". Support. Microsoft. 12 December 2017.
↑ "Syskey.exe utility is no longer supported in Windows 10 version 1709 and Windows Server version 1709". Support. Microsoft. 20 October 2017.
1 2 3 4 Sabin, Todd (December 16, 1999). "bindview.syskey.txt". Packet Storm. Retrieved July 1, 2016.
↑ "How to use the SysKey utility to secure the Windows Security Accounts Manager database". Support. Microsoft. 8 January 2018.
↑ Khanse, Anand (March 9, 2012). "Use SysKey Utility to lock Windows computer using USB stick". The Windows Club. Retrieved July 1, 2016.
↑ "SOLUTION: "This is Microsoft Support" telephone scam – Computer ransom lockout". Case Studies. Triple-S Computers. 10 April 2013.
↑ "Tech support company with workers in India claims its 'good name' being ruined by scammers". Sydney Morning Herald. Retrieved 23 February 2017.

External links

How to Remove Syskey in Windows
Syskey Blocker (program to prevent scammers from typing "syskey")

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "Enable Syskey To Protect Windows From Password Cracking". Technig. 2015-04-06. Retrieved 2018-02-04.

[2] "Features that are removed or deprecated in Windows 10 Fall Creators Update". Support. Microsoft. 12 December 2017.

[3] "Syskey.exe utility is no longer supported in Windows 10 version 1709 and Windows Server version 1709". Support. Microsoft. 20 October 2017.

[bvskdottxt-4] 1 2 3 4 Sabin, Todd (December 16, 1999). "bindview.syskey.txt". Packet Storm. Retrieved July 1, 2016.

[5] "How to use the SysKey utility to secure the Windows Security Accounts Manager database". Support. Microsoft. 8 January 2018.

[6] Khanse, Anand (March 9, 2012). "Use SysKey Utility to lock Windows computer using USB stick". The Windows Club. Retrieved July 1, 2016.

[7] "SOLUTION: "This is Microsoft Support" telephone scam – Computer ransom lockout". Case Studies. Triple-S Computers. 10 April 2013.

[smh-syskey-8] "Tech support company with workers in India claims its 'good name' being ruined by scammers". Sydney Morning Herald. Retrieved 23 February 2017.