Syskey

1 definition found

From The Free On-line Dictionary of Computing (27 SEP 03) [foldoc]:

  SYSKEY
       
           A utility that
          {encrpyts} the {hashed} {password} information in a {SAM}
          database using a 128-bit {encryption key}.
       


          SYSKEY was an optional feature added in {Windows NT} 4.0 SP3.
          It was meant to protect against {offline} password {cracking}
          attacks so that the SAM database would still be secure even if
          someone had a copy of it.  However, in December 1999, a
          security team from {BindView (http://www.bindview.com/)} found
          a security hole in SYSKEY which indicates that a certain form
          of {cryptoanalytic} attack is possible offline.  A
          {brute-force attack} then appeared to be possible.
       
          Microsoft later collaborated with BindView to issue a fix
          (dubbed the 'Syskey Bug') which appears to have been settled
          and SYSKEY pronounced secure enough to resist brute-force
          attack.
       
          According to Todd Sabin of the BindView team RAZOR, the
          pre-RC3 versions of {Windows 2000} were also affected.
       
          {BindView Security Advisory
          (http://packetstorm.securify.com/9912-exploits/bindview.syskey.txt)}.
       
          {BindView press release
          (http://www.bindview.com/news/99/1222.html)}.
       
          {Microsoft bulletin
          (http://www.microsoft.com/Security/Bulletins/ms99-056.asp)}.
       
          (2000-07-16)