The Syskey utility was included in Service Pack 3 as a means of protecting the SAM database from off-line brute-force attacks. With the previous encryption, it was possible to crack the passwords of a remote machine if a copy of its encrypted SAM database could be obtained. There are several tools available to the public with which this can be done. Syskey added more encryption to the database, with the goal of making the calculations required to crack it too time-consuming to be feasible. Syskey creates a unique RC4 keystream for each user by incorporating the user's RID, but uses that same keystream to encrypt the LMHash and NTHash of their password (after some obfuscation of the hashes), as well as their previous two passwords (stored in the Password History part of their SAM entry). Due to this keystream re-use, it is possible to eliminate it from the formula. If the final, Syskey-encrypted hashes of the password are XORed together, the result will be the same as the XOR of the hashes prior to encryption. Therefore, if a potential password is encrypted via the regular NT encryption process, and then obfuscated, the two hashes can be XORed and compared to an XOR of the Syskey hashes to determine if the potential password is correct. Also, even the user-dependent portion of the algorithm can be defeated, making it possible to attack all passwords of 7 characters or less simultaneously, and even to precompute hash lists that will be valid on any machine. This is due to the fact that with passwords of 7 characters or less, the second half of the LMHash is known, and can be XORed with the previous XOR result to obtain the second half of the NTHash, which can then be compared to the hashed version of words in the dictionary file.
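Why the keystream re-use described above is fatal, as an added example that is not part of this advisory: a small RC4 implementation encrypts two constructed 16-byte sample values with one shared keystream and shows that the XOR of the ciphertexts equals the XOR of the plaintexts (the keystream drops out), whereas giving each value its own keystream does not cancel. The key, sample values and function names are assumptions, and no Syskey obfuscation step is modelled.

```python
# Added example, not code from the advisory. Demonstrates the two-time-pad
# property that makes one RC4 keystream shared across LM and NT hashes leak
# their XOR. Key and "hash" values below are constructed stand-ins.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from `key` (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_shared_keystream(key: bytes, *blocks: bytes) -> list:
    """Flawed design: every block is XORed with the SAME keystream prefix."""
    ks = rc4_keystream(key, max(len(b) for b in blocks))
    return [xor_bytes(b, ks) for b in blocks]

def encrypt_distinct_keystreams(key: bytes, *blocks: bytes) -> list:
    """Remediated design: each block gets its own keystream (key || index)."""
    return [xor_bytes(b, rc4_keystream(key + bytes([n]), len(b)))
            for n, b in enumerate(blocks)]

def keystream_cancels(ciphertexts, plaintexts) -> bool:
    """True when c1 ^ c2 == p1 ^ p2, i.e. an attacker holding only the
    ciphertexts learns p1 ^ p2 without knowing the key at all."""
    c1, c2 = ciphertexts
    p1, p2 = plaintexts
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

# Constructed sample values (stand-ins for an LM hash and an NT hash)
SAMPLE_KEY = b"\x13\x37\xc0\xde\x00\x01\x02\x03"
SAMPLE_LM = bytes(range(16))
SAMPLE_NT = bytes(range(0x80, 0x90))

if __name__ == "__main__":
    shared = encrypt_shared_keystream(SAMPLE_KEY, SAMPLE_LM, SAMPLE_NT)
    distinct = encrypt_distinct_keystreams(SAMPLE_KEY, SAMPLE_LM, SAMPLE_NT)
    print("shared keystream leaks p1^p2:", keystream_cancels(shared, (SAMPLE_LM, SAMPLE_NT)))
    print("distinct keystreams leak p1^p2:", keystream_cancels(distinct, (SAMPLE_LM, SAMPLE_NT)))
```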