Source: Free On-Line Dictionary of Computing
SYSKEY
A utility that {encrypts} the {hashed} {password} information
in a {SAM} database using a 128-bit {encryption key}.
SYSKEY was an optional feature added in {Windows NT} 4.0 SP3.
It was meant to protect against {offline} password {cracking}
attacks so that the SAM database would still be secure even if
someone had a copy of it. However, in December 1999, a
security team from {BindView (http://www.bindview.com/)} found
a security hole in SYSKEY which indicated that a certain form
of {cryptoanalytic} attack was possible offline. A
{brute-force attack} then appeared to be possible.
Microsoft later collaborated with BindView to issue a fix
(dubbed the 'Syskey Bug'). The matter appears to have been
settled, and SYSKEY has been pronounced secure enough to
resist brute-force attack.
According to Todd Sabin of the BindView team RAZOR, the
pre-RC3 versions of {Windows 2000} were also affected.
{BindView Security Advisory
(http://packetstorm.securify.com/9912-exploits/bindview.syskey.txt)}.
{BindView press release
(http://www.bindview.com/news/99/1222.html)}.
{Microsoft bulletin
(http://www.microsoft.com/Security/Bulletins/ms99-056.asp)}.
(2000-07-16)