Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: System Key Encryption

System Key Encryption 12 years 2 months ago #5084

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
Hello All,

I was reading an article on MSKB on how to secure SAM database. The article describes, that on a W2K, W2K3 and XP, Windows requires the Password Hashes to be Encrypted using a locally stored System Key.

Syskey utility, gives the ability to store the Encryption Key on a Floppy disk. If I choose to store the System Key on a floppy disk, the article describes that I need to insert the floppy disk to start the Operating System.

If I understood it correctly, the purpose of the System Key is to Encrypt the SAM database. Why then if I choose to store the Key on a floppy disk, would I require it to Start the OS?

Anyone know?
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: System Key Encryption 12 years 2 months ago #5087

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Posts: 613
  • Karma: 0
the purpose of the System Key is to Encrypt the SAM database. Why then if I choose to store the Key on a floppy disk, would I require it to Start the OS?

the key is needed to encrypt and decrypt the hash

or more correctly in the specific case, to encrypt both the original password as well as the string that will be compared against it, since we are talking for one-way encryption algorithms. If it was saved on the floppy disk and nowhere else.. then yes you'd need it ;)

"start the OS" propably means "login to the OS"
The administrator has disabled public write access.

Re: System Key Encryption 12 years 2 months ago #5089

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
the purpose of the System Key is to Encrypt the SAM database. Why then if I choose to store the Key on a floppy disk, would I require it to Start the OS?

the key is needed to encrypt and decrypt the hash

or more correctly in the specific case, to encrypt both the original password as well as the string that will be compared against it, since we are talking for one-way encryption algorithms. If it was saved on the floppy disk and nowhere else.. then yes you'd need it ;)

"start the OS" propably means "login to the OS"

Let me understand this correctly. The reason I would require the Sys Key to start the OS is because when the user supplies Logon credentials, specifically the password, Syskey is used to decrypt the password and compares the hash it generates with the ecrpyted hash in the SAM database. Is that right?

Also, if I may, I just got Cain & Abel v2.5Beta58 for W2k/NT/XP, as well as John The Ripper1.6 for win32 applications to decrypt the password hashes. Before I do anything with these, I thought I would ask opinions here if you had used these tools before.

If anyone is interested in these tools,
www.oxid.it/cain.html
www.openwall.com/john/

If anyone know of any other tools with which I can get plain text passwords from the SAM, I would greatly appreciate it.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: System Key Encryption 12 years 2 months ago #5093

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Posts: 613
  • Karma: 0
when the user supplies Logon credentials, specifically the password, Syskey is used to decrypt the password and compares the hash it generates with the ecrpyted hash in the SAM database. Is that right?

actually, I believe, the reverse, the final syskey hashes are compared.

Syskey's 128-bit encryption can not be brute forced, in practice.
Still, system key remains in a part of the registry that is accessible by processes running with administrator privileges and can be used to extract the md5 password's hash, which is weak enough to be brute forced (e.x. check pwdump). However I don't know the whys and hows, nore remember anything more practical as I've no contact with windows for a long time. But as for the tools I also remember "L0pth cracker" :)

here's an article from MS I had in my bookmarks, though it might be the one you read.
support.microsoft.com/default.aspx?scid=KB;en-us;q143475
The administrator has disabled public write access.

Re: System Key Encryption 12 years 2 months ago #5094

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
nske wrote:
actually, I believe, the reverse, the final syskey hashes are compared.

--Makes Sense.

But as for the tools I also remember "L0pth cracker" :)

--l0pht cracker isn't freeware. Although I think they do have a trial version.
--Thankyou nske, You have been awesome.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup