I'm glad I'm not the only one that has to learn a few lessons the hard way. Microsoft learned another solid lesson last week when someone discovered that its Syskey technology has a serious security weakness. As you might know, Syskey helps protect the SAM database on Windows NT systems by introducing strong encryption to that area of the Registry. The weakness in Syskey resides in the fact that Microsoft is reusing the RC4 keystream associated with Syskey encryption, which seriously weakens the technology.
The risk in Syskey is very significant, and it's not the first time something of this nature has occurred. Last year, L0pht and Counterpane Systems released a white paper detailing numerous security shortcomings in Microsoft's PPTP implementation. One of those shortcomings was the fact that Microsoft Point to Point Encryption (MPPE) reused RC4 keystreams—just like the Syskey technology.
Maybe I'm being an idealist, but I'd have assumed that after the release of the L0pht and Counterpane PPTP white paper, Microsoft would have scoured its encryption code looking for similar security-risk occurrences. But apparently that didn't happen, and here we are again, attending class at the school of hard knocks for NT 4.0.
Windows 2000 (Win2K) is just around the corner. Win2K is supposed to be more secure than NT 4.0, and the OS certainly contains more encryption technology than NT 4.0. I can only wonder whether the Win2K developers are paying attention to the encryption follies uncovered in NT 4.0? Until next time, have a great week.
