Editing Syskey

{{Short description|Discontinued Windows NT component}}
[[File:Syskey screenshot.png|thumbnail|Screenshot of the Syskey utility on the [[Windows 8.1]] operating system requesting the user to enter a password.]]

The '''SAM Lock Tool''', better known as '''Syskey''' (the name of its [[executable file]]), is a discontinued component of [[Windows NT]] that [[encryption|encrypts]] the [[Security Account Manager]] (SAM) [[database]] using a 128-bit [[RC4]] [[encryption key]].<ref>{{Cite news|url=https://www.technig.com/enable-syskey-to-protect-windows/|title=Enable Syskey To Protect Windows From Password Cracking|date=2015-04-06|work=Technig|access-date=2018-02-04|language=en-US}}</ref>

Introduced in the Q143475 hotfix for [[Windows NT 4.0]] SP3, the tool was removed in [[Windows 10]]'s Fall Creators Update in 2017 because its method of [[cryptography]] is considered insecure by modern standards and the fact that the tool has been widely employed in scams as a form of [[ransomware]]. Microsoft officially recommended use of [[BitLocker]] [[disk encryption]] as an alternative.<ref>{{Cite web|url=https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up|title=Features that are removed or deprecated in Windows 10 Fall Creators Update|date=12 December 2017|website=Support|publisher=[[Microsoft]]}}</ref><ref>{{Cite web|url=https://support.microsoft.com/en-us/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-version-1709|title=Syskey.exe utility is no longer supported in Windows 10 version 1709 and Windows Server version 1709|date=20 October 2017|website=Support|publisher=[[Microsoft]]}}</ref>

==History==
Introduced in the Q143475 hotfix included in [[Windows NT 4.0]] SP3,<ref name="bvskdottxt" /> Syskey was intended to protect against [[offline]] [[password cracking]] attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.<ref name="bvskdottxt" />

Syskey can optionally be configured to require the user to enter the key during [[Booting|boot]] (as a startup password) or to load the key onto removable storage media (e.g., a [[floppy disk]] or [[USB flash drive]]).<ref>{{Cite web|url=https://support.microsoft.com/en-us/help/310105/how-to-use-the-syskey-utility-to-secure-the-windows-security-accounts|title=How to use the SysKey utility to secure the Windows Security Accounts Manager database|date=8 January 2018|website=Support|publisher=[[Microsoft]]}}</ref>

In mid-2017, Microsoft removed syskey.exe from future versions of Windows.<ref>{{Cite web|url=https://support.microsoft.com/en-us/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-windows-server|title=Syskey.exe utility is no longer supported in Windows 10, Windows Server 2016 and Windows Server 2019|website=support.microsoft.com|access-date=2019-01-12}}</ref> Microsoft recommends using "[[BitLocker]] or similar technologies instead of the syskey.exe utility."

==Security issues==

===The "Syskey Bug"===
In December 1999, a security team from [[BindView]] found a security hole in Syskey that indicated that a certain form of offline [[cryptanalysis|cryptanalytic]] attack is possible, making a [[brute force attack]] appear to be possible.<ref name="bvskdottxt">{{cite web |url=https://packetstormsecurity.com/files/11121/bindview.syskey.txt.html |title=bindview.syskey.txt |work=[[Packet Storm]] |date=December 16, 1999 |access-date=July 1, 2016 |author=Sabin, Todd}}</ref> Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").<ref>{{cite web |url=http://www.thewindowsclub.com/inbuilt-syskey-utility-lock-windows-7-computer-usb-stick |title=Use SysKey Utility to lock Windows computer using USB stick |publisher=The Windows Club |date=March 9, 2012 |access-date=July 1, 2016 |author=Khanse, Anand}}</ref> The bug affected both Windows NT 4.0 and pre-RC3 versions of [[Windows 2000]].<ref name="bvskdottxt" />

===Use as ransomware===
Syskey is commonly abused by [[Technical support scam|technical support scammers]] to lock victims out of their own computers in order to coerce them into paying a ransom.<ref>{{cite web|url=http://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/|title=SOLUTION: "This is Microsoft Support" telephone scam – Computer ransom lockout|date=10 April 2013|website=Case Studies|publisher=Triple-S Computers}}</ref><ref name="smh-syskey">{{cite web |title=Tech support company with workers in India claims its 'good name' being ruined by scammers|url=http://www.smh.com.au/it-pro/security-it/tech-support-company-with-workers-in-india-claims-its-good-name-being-ruined-by-scammers-20141116-11o361.html|website=Sydney Morning Herald|date=17 November 2014 |access-date=23 February 2017}}</ref> It is also used against such scammers by [[Scam baiting|scambaiters]] as a way to disrupt their fraudulent operations.<ref>{{Cite AV media |url=https://www.youtube.com/watch?v=JrVUAQtKu58 |title=Extreme Anger From SYSKEY-ed Scammer |date=2023-04-15 |last=Scam Sandwich |access-date=2025-05-11 |via=YouTube}}</ref>

==See also==

*[[LM hash]]
*[[pwdump]]

==References==
{{Reflist}}



{{Windows Components}}

[[Category:Cryptographic software]]
[[Category:Microsoft Windows security technology]]
[[Category:Windows administration]]