|
Brought to you by:
Suppliers of:
|
|
|
| |
| Microsoft has released a patch that eliminates vulnerability in Syskey, a utility that provides protection for Microsoft Windows NT password databases. The vulnerability allows a particular cryptanalytic attack to be effective against Syskey, significantly reducing the strength of the protection it offers. The patch eliminates the vulnerability and restores strong protection to the password database. |
| |
Credit:
The information has been provided by: Microsoft Security Department.
|
| |
Syskey is a utility that strongly encrypts the hashed password information in the SAM database in order to protect it against offline password cracking attacks (for example, the l0phtcrack cracking tool). However, Syskey reuses the key stream used to perform some of the encryption. This significantly reduces the strength of the protection it provides by enabling a well-known cryptanalytic attack to be used against it.
A patch is available that eliminates the key reuse vulnerability and again makes it computationally infeasible to mount a brute-force attack against the SAM database when Syskey has been applied.
Affected Software Versions
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Enterprise Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition
Patch Availability
- x86:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798
- alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16799
NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)
What is Syskey?
Syskey is a utility intended to prevent offline password cracking attacks against the Security Account Manager (SAM) database in Windows NT systems.
What is an offline password cracking attack?
Password cracking is a means by which a malicious user tries to determine another user's password. Because passwords are critical security information, they are generally protected cryptographically. Password cracking seeks to penetrate the cryptographic protection and recover the password.
Offline password cracking is used if the strength of the cryptographic protection too high to allow the attacker to crack the password in real time. In an offline attack, the attacker captures a copy of the cryptographically protected password and attacks it exhaustively over time, on a machine that he or she controls.
What is the SAM database?
The Security Account Manager (SAM) database is the storage point for user passwords in Windows NT. The passwords are stored in a hashed form in the database. Hashing is a cryptographic process that generates a unique "fingerprint" from a piece of data. Hash functions are one-way functions, so even if a malicious user learned the hashed values of another user's password, he or she could not "unhash" it to learn the password itself.
However, if a malicious user gained access to the SAM database, he or she could conduct an offline password cracking attack. He or she could copy it to another machine, then exhaustively generate every possible password, hash it, and compare the result to the hashes in the database. For example, if the hash of "XYZ" matched one of the values in the database, the malicious user would know that the password for that user was "XYZ". There are tools available to mount such an attack, once a copy of the SAM database has been obtained.
How does Syskey protect against offline password cracking attacks?
Syskey is designed to prevent password cracking attacks by encrypting the SAM database using 128-bit cryptography. To defeat such a system, an attacker would need to first crack the Syskey encryption then conduct a password cracking attack against the now-decrypted SAM database. However, the number of possible decryption keys for Syskey is so large that it should, in theory, make such an attack computationally infeasible.
What is the vulnerability?
A flaw in the implementation of Syskey provides a means of removing the Syskey encryption without performing a brute-force attack described above. Syskey reuses key stream-the output of the cryptoalgorithm-when encrypting certain values in the database. This provides an opening for a particular cryptanalytic attack that significantly reduces the strength of the protection that Syskey provides.
How did the vulnerability happen?
The need to avoid reusing keystream is well-known among cryptographers, and, by design, Syskey was intended to use unique keystream for all data. The key to generating unique keystream is to provide the cryptoalgorithm with unique initialization data for each value. However, a flaw elsewhere in the code has the effect of providing repeated initialization data which, when used to initialize the cryptoalgorithm, results in identical keystream being generated.
How much does the vulnerability weaken the protection?
By design, Syskey is intended to increase the work factor associated with a brute force attack by so many orders of the magnitude that it becomes infeasible. The vulnerability means that, if the proper cryptanalytic attack were mounted, a Syskey-protected SAM database would require only several times more work to crack than an unprotected one. The patch returns the protection to its stronger state by eliminating the key reuse.
Does the vulnerability mean that people have been cracking my system's passwords?
No. Syskey is just one link in the overall protection of the password data. Before a user could conduct an offline password attack, he or she would need to first obtain a copy the SAM database. Normal security precautions, such as restricting who can interactively log onto critical servers, properly safeguarding backup tapes, etc, are the best protection against this. If a malicious user can't obtain a copy of your SAM database, they can't mount an attack against it.
Does this vulnerability affect Windows 2000?
No.
What does the patch do?
The patch has two effects. First, it corrects the cryptography to ensure that keystream is never reused. Second, it re-encrypts the SAM database to remove the effect of the vulnerability on existing data.
What do I need to do in order for the patch to take effect?
Just apply the patch to any machine on which Syskey has been installed, then reboot the machine. The patch will re-encrypt the SAM and other information, and eliminate the vulnerability.
I haven't used Syskey on my machines, but would like to. Is there a new version of Syskey?
The Syskey executable has not changed. All of the behavioral changes in Syskey are effected via the patch. You can either run Syskey and then apply the patch, or apply the patch and then run Syskey.
I've already used Syskey on my machines. Do I need to "back out" the previous encryption before using the patch?
No. All you need to do is apply the patch and reboot the machine. The patch will re-encrypt the SAM database the first time the machine boots, eliminating the vulnerability.
How long will it take for the patch to perform the re-encryption?
The specific time will depend on hardware speed, size of the database, and other factors. However, it generally takes only a matter of minutes. In our testing, we found that, on typical hardware, the encryption takes roughly a minute to for every 10,000 users' passwords. Thus, if you have 10,000 users on a typical Windows NT machine, the first reboot would take about a minute longer than usual.
If I upgrade from an affected service pack to another affected service pack, do I need to re-apply the patch?
No. For example, if you apply the patch atop SP4, then move to SP6, you do not need to re-apply the patch.
|
|
|
|
|
