Syskey

[Michel Arboi <arboi () yahoo com>]

By default, Windows 2K encrypts the SAM entries, so that a stolen
"sam" file cannot be used to retrieve passwords.
However, the encryption key is most of the time stored in the system
through a "complex obfuscation function" (dixit Microsoft).

I wonder if somebody has studied this function. It should be possible
to get the key and decrypt the SAM e.g. with a Linux boot floppy or
from a "stolen" hard disk.
(I *know* pwdump[1-3] and it does not solve this problem)


___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com