The SAM Lock Tool, better known as Syskey (the name of its executable file), is a discontinued component of Windows NT that encrypts the Security Account Manager (SAM) database using a 128-bit RC4 encryption key.
First introduced in the Q143475 hotfix, which was included in Windows NT 4.0 SP3, it was removed in Windows 10's Fall Creators Update in 2017 because it relied on cryptography considered insecure by modern standards and because it was being used in scams as a form of ransomware. Microsoft officially recommended BitLocker disk encryption as an alternative.
History
First introduced in the Q143475 hotfix included in Windows NT 4.0 SP3, Syskey was intended to protect against offline password cracking attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.
Syskey can optionally be configured to require the user to enter the key during boot (as a startup password) or load the key onto removable storage media (e.g., a floppy disk or USB flash drive).
In mid-2017, Microsoft removed syskey.exe from future versions of Windows. Microsoft recommends using "BitLocker or similar technologies instead of the syskey.exe utility."
Security issues
The "Syskey Bug"
In December 1999, a security team from BindView found a security hole in Syskey indicating that a certain form of offline cryptanalytic attack is possible, making a brute force attack appear to be possible. The underlying flaw is RC4 keystream reuse in SYSKEY.
Microsoft later issued a fix for the problem (dubbed the "Syskey Bug"). The bug affected both Windows NT 4.0 and pre-RC3 versions of Windows 2000.
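
The keystream reuse named above, shown as an added example (not code from Microsoft or BindView): when two records are encrypted from the start of the same RC4 keystream, XORing the ciphertexts cancels the keystream and leaves the XOR of the plaintexts, which is the property a reviewer checks for when auditing a stream-cipher design. The key, the record values and the HMAC-based per-record key derivation are constructed for illustration and do not reproduce Syskey's actual key handling or Microsoft's fix.

```python
import hashlib
import hmac


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling (KSA), then keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_reused(key: bytes, records):
    """Flawed pattern: every record starts at offset 0 of the same keystream."""
    return [rc4(key, r) for r in records]


def encrypt_separated(key: bytes, records):
    """Illustrative mitigation (assumption): a distinct RC4 key per record."""
    return [rc4(hmac.new(key, b"record-%d" % i, hashlib.sha256).digest()[:16], r)
            for i, r in enumerate(records)]


def ciphertext_xor(ciphertexts) -> bytes:
    """Under keystream reuse this equals the XOR of the two plaintexts."""
    return xor(ciphertexts[0], ciphertexts[1])


# Constructed sample data: a 128-bit key and two 16-byte stand-ins for stored hashes.
KEY = bytes(range(16))
REC_A = hashlib.sha256(b"constructed-record-a").digest()[:16]
REC_B = hashlib.sha256(b"constructed-record-b").digest()[:16]

if __name__ == "__main__":
    plain_xor = xor(REC_A, REC_B)
    print("reused keystream leaks P1^P2:   ", ciphertext_xor(encrypt_reused(KEY, [REC_A, REC_B])) == plain_xor)
    print("separated keystream leaks P1^P2:", ciphertext_xor(encrypt_separated(KEY, [REC_A, REC_B])) == plain_xor)
```

With reuse, the encryption key drops out of the relation entirely, so any guess at one record can be checked against the other without knowing the key.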
Use as ransomware
Syskey is commonly abused by "tech support" scammers to lock victims out of their own computers, in order to coerce them into paying a ransom.
See also
* LM hash
* pwdump