Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

KBAlertz.com: A cryptographic error in the Syskey tool makes offline password attacks easier than previously believed. Syskey reuses keystream when encrypting certain elements in the Security Accounts Manager (SAM) database, making the tool vulnerable to

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]

Search KbAlertz

Advanced Search

Webmasters
Put kbAlertz on your website.
[ Click Here for more! ]





ASP.NET 3.5 Web Hosting with Windows 2008 and SQL 2008: Click Here!
Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
KBAlertz referrals get
** SIX MONTHS FREE **

Community Site


We Send hundreds of thousands of emails using ASP.NET Email

ASP.NET 3.5 Web Hosting with Windows 2008 and SQL 2008: Click Here!
Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
KBAlertz referrals get
** SIX MONTHS FREE **



Mentioned In







Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks



Article ID: 248183 - Last Review: March 22, 2007 - Revision: 2.5

Syskey Tool Reuses Keystream

View products that this article applies to.
System TipThis article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you.Visit the Windows Vista Solution Center
This article was previously published under Q248183

On This Page

SYMPTOMS

A cryptographic error in the Syskey tool makes offline password attacks easier than previously believed. Syskey reuses keystream when encrypting certain elements in the Security Accounts Manager (SAM) database, making the tool vulnerable to an attack using a known cryptanalytic method. This vulnerability could allow offline password attacks to be mounted against a Syskey-protected SAM database.
Back to the top

CAUSE

Passwords in the SAM database are stored in hashed form to prevent a user who gains access to the database from reading the passwords. However, offline password attacks are still possible if an attacker obtains a copy of the database and is willing to devote the time needed to perform an exhaustive search of all possible passwords. The Syskey tool is designed to prevent such attacks by strongly encrypting the SAM database using 128-bit cryptography. However, a flaw in the implementation results in multiple database entries being encrypted with the same keystream. This renders the encryption susceptible to a known attack.
Back to the top

RESOLUTION

Windows NT Server or Workstation 4.0

To resolve this problem, obtain the individual package referenced below or obtain the Windows NT 4.0 Security Rollup Package. For additional information on the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
299444  (http://kbalertz.com/Feedback.aspx?kbNumber=299444/EN-US/ ) Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)
The following files are available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q248183.Exe for x86-based computers now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=952C0658-1BAE-4279-B2E4-B850FD9ECD47)

Collapse this imageExpand this image
Download
Download Q248183.Exe for Alpha-based computers now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=47C20522-D9AB-4717-A56C-6E25279ABA26)
The English version of this fix should have the following file attributes or later:
   Date      Time        Size      File name    Platform
   -----------------------------------------------------
   12/06/1999   06:52p   155,408   Lsasrv.dll   x86
   12/06/1999   06:53p   174,352   Samsrv.dll   x86

   12/06/1999   06:51p   253,712   Lsasrv.dll   Alpha
   12/06/1999   06:51p   290,064   Samsrv.dll   Alpha

Back to the top

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
317636  (http://kbalertz.com/Feedback.aspx?kbNumber=317636/EN-US/ ) Windows NT Server 4.0, TerminalServer Edition, Security Rollup Package
Back to the top

STATUS

Windows NT Server or Workstation 4.0

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT 4.0 Server and Workstation.
Back to the top

Windows NT Server 4.0, Terminal Server Edition

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT Server 4.0, Terminal Server Edition.
Back to the top

MORE INFORMATION

For additional information about the Syskey tool, click the article number below to view the article in the Microsoft Knowledge Base:
143475  (http://kbalertz.com/Feedback.aspx?kbNumber=143475/EN-US/ ) Windows NT System Key Permits Strong Encryption of the SAM
Back to the top
APPLIES TO
  • Microsoft Windows NT Server 4.0, Terminal Server Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
Back to the top
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbgraphxlinkcritical kbqfe kbsecurity KB248183
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Be the first to leave feedback, to help others about this knowledge base article.

(Optional) Name
(Optional) Public URL Or Email
Comments
No HTML -- Text Only Please

 



Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting