Home > Articles

  • Print
  • + Share This
From the author of

Relevant Hot Fix or Other Security Update

To encrypt the passwords, Syskey uses a stream cipher. A stream cipher (a type of cryptographic algorithm) uses a cryptographic key to generate a stream of bits (known as the key stream) which are then XOR'd with the plain text. Cryptographic best practices require that key stream never be reused. To do so would make the encrypted data more vulnerable to an attack. To put it simply, repetition of the key stream would eventually provide an attacker with repeating patterns and he might eventually be able to deduce possibly letters, then letter combinations, and eventually words in an encrypted message.

Not long after Microsoft introduced Syskey, it was discovered that the Syskey algorithm had a fatal flaw: It reused key stream material. A post-Service Pack 6a fix that corrects this problem is available. Information and a link to the download can be found in Knowledge Base article Q248183 (http://support.microsoft.com/support/kb/articles/q248/1/83.asp). The hot fix is part of the post-Service Pack 6a rollout.

  • + Share This
  • 🔖 Save To Your Account