VDict mobile



cryptography, operating system, security A utility that
encrpyts the hashed password information in a SAM
database using a 128-bit encryption key.
SYSKEY was an optional feature added in Windows NT 4.0 SP3.
It was meant to protect against offline password cracking
attacks so that the SAM database would still be secure even if
someone had a copy of it. However, in December 1999, a
security team from BindView found
a security hole in SYSKEY which indicates that a certain form
of cryptoanalytic attack is possible offline. A
brute-force attack then appeared to be possible.
Microsoft later collaborated with BindView to issue a fix
(dubbed the 'Syskey Bug') which appears to have been settled
and SYSKEY pronounced secure enough to resist brute-force
attack.
According to Todd Sabin of the BindView team RAZOR, the
pre-RC3 versions of Windows 2000 were also affected.
(2000-07-16)