SYSKEY question

[Oscar P.]

Does the enabling of a SYSKEY startup password realistically provide any
greater security for a 2K3 domain controller SAM database against on-line
attacks?

It seems to me that, with the tools available today, if an attacker is able
to remotely gain access to the SAM and key and copy them off to the mother
ship for processing, it wouldn't matter whether SYSKEY was using a
startup-provided password, or locally-stored password.

Thanks
Oscar

 

[James Matthews]

Yes people can grab your hashes and put them into rainbow tables and crack
them in a matter of minutes however that only if 1. LSASS.EXE can be
injected to (or the user has debug privs). 2. The under is running at
NY/SYSTEM 3. Your password is not 16+ chars and those 16 should be letters
number and symbols! Now Syskey protects the Sam file and believe me it's not
good without it

--

http://www.goldwatches.com/watches.asp?Brand=14

"Oscar P." <OscarP@discussions.microsoft.com> wrote in message
news:1C2BE1A2-1898-4A03-A2E6-5B556753CAA4@microsoft.com...
> Does the enabling of a SYSKEY startup password realistically provide any
> greater security for a 2K3 domain controller SAM database against on-line
> attacks?
>
> It seems to me that, with the tools available today, if an attacker is
> able
> to remotely gain access to the SAM and key and copy them off to the mother
> ship for processing, it wouldn't matter whether SYSKEY was using a
> startup-provided password, or locally-stored password.
>
> Thanks
> Oscar