SAM Lock Tool, better known as syskey (the name of its executable file) is a discontinued component of Microsoft Windows that encrypts the Security Account Manager (SAM) database using a 128-bit RC4 encryption key. Syskey can optionally be configured to require the user to enter the key at boot time as a startup password or load it on removable storage media (e.g., USB flash drive). Syskey was first introduced with Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorized copy of the SAM from extracting useful information from it. However, it has been commonly misused by "tech support" scammers to lock victims out of their own computers in order to coerce them into paying a ransom. Syskey utility has been removed in the Windows 10 Fall Creators Update and Windows Server "RS3" due to its weak cryptography and ransomware scams risks. Microsoft recommends BitLocker as replacement.
In December 1999, a security team from BindView found a security hole in Syskey that indicated that a certain form of offline cryptanalytic attack is possible, making a brute force attack appear to be possible. Microsoft later issued a fix for the problem (dubbed the "Syskey Bug"). The bug affected both Windows NT 4.0 and pre-RC3 versions of Windows 2000.
Video Syskey
See also
- Encrypting File System
- LM hash
- pwdump
Maps Syskey
References
External links
- How to Remove Syskey in Windows
Source of article : Wikipedia
0 Comments