Syskey
{{Short description|Discontinued Windows NT component}}
File:Syskey screenshot.png operating system requesting the user to enter a password.]]
The SAM Lock Tool, better known as Syskey (the name of its executable file), is a discontinued component of Windows NT that encrypts the Security Account Manager (SAM) database using a 128-bit RC4 encryption key.{{Cite news|url=https://www.technig.com/enable-syskey-to-protect-windows/|title=Enable Syskey To Protect Windows From Password Cracking|date=2015-04-06|work=Technig|access-date=2018-02-04|language=en-US}}
Introduced in the Q143475 hotfix for Windows NT 4.0 SP3, the tool was removed in Windows 10's Fall Creators Update in 2017 because its method of cryptography is considered insecure by modern standards and the fact that the tool has been widely employed in scams as a form of ransomware. Microsoft officially recommended use of BitLocker disk encryption as an alternative.{{Cite web|url=https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up|title=Features that are removed or deprecated in Windows 10 Fall Creators Update|date=12 December 2017|website=Support|publisher=Microsoft}}{{Cite web|url=https://support.microsoft.com/en-us/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-version-1709|title=Syskey.exe utility is no longer supported in Windows 10 version 1709 and Windows Server version 1709|date=20 October 2017|website=Support|publisher=Microsoft}}
History
Introduced in the Q143475 hotfix included in Windows NT 4.0 SP3, Syskey was intended to protect against offline password cracking attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.
Syskey can optionally be configured to require the user to enter the key during boot (as a startup password) or to load the key onto removable storage media (e.g., a floppy disk or USB flash drive).{{Cite web|url=https://support.microsoft.com/en-us/help/310105/how-to-use-the-syskey-utility-to-secure-the-windows-security-accounts|title=How to use the SysKey utility to secure the Windows Security Accounts Manager database|date=8 January 2018|website=Support|publisher=Microsoft}}
In mid-2017, Microsoft removed syskey.exe from future versions of Windows.{{Cite web|url=https://support.microsoft.com/en-us/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-windows-server|title=Syskey.exe utility is no longer supported in Windows 10, Windows Server 2016 and Windows Server 2019|website=support.microsoft.com|access-date=2019-01-12}} Microsoft recommends using "BitLocker or similar technologies instead of the syskey.exe utility."
Security issues
=The "Syskey Bug"=
In December 1999, a security team from BindView found a security hole in Syskey that indicated that a certain form of offline cryptanalytic attack is possible, making a brute force attack appear to be possible.{{cite web |url=https://packetstormsecurity.com/files/11121/bindview.syskey.txt.html |title=bindview.syskey.txt |work=Packet Storm |date=December 16, 1999 |access-date=July 1, 2016 |author=Sabin, Todd}} Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").{{cite web |url=http://www.thewindowsclub.com/inbuilt-syskey-utility-lock-windows-7-computer-usb-stick |title=Use SysKey Utility to lock Windows computer using USB stick |publisher=The Windows Club |date=March 9, 2012 |access-date=July 1, 2016 |author=Khanse, Anand}} The bug affected both Windows NT 4.0 and pre-RC3 versions of Windows 2000.
=Use as ransomware=
Syskey is commonly abused by technical support scammers to lock victims out of their own computers in order to coerce them into paying a ransom.{{cite web|url=http://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/|title=SOLUTION: "This is Microsoft Support" telephone scam – Computer ransom lockout|date=10 April 2013|website=Case Studies|publisher=Triple-S Computers}}{{cite web |title=Tech support company with workers in India claims its 'good name' being ruined by scammers|url=http://www.smh.com.au/it-pro/security-it/tech-support-company-with-workers-in-india-claims-its-good-name-being-ruined-by-scammers-20141116-11o361.html|website=Sydney Morning Herald|date=17 November 2014 |access-date=23 February 2017}} It is also used against such scammers by scambaiters as a way to disrupt their fraudulent operations.{{Cite AV media |url=https://www.youtube.com/watch?v=JrVUAQtKu58 |title=Extreme Anger From SYSKEY-ed Scammer |date=2023-04-15 |last=Scam Sandwich |access-date=2025-05-11 |via=YouTube}}
See also
References
{{Reflist}}
{{Windows Components}}
Category:Cryptographic software