SYSKEY2 code, and new random data source

Pete Chown Pete.Chown at
Mon Feb 14 10:19:58 GMT 2000

At Luke's request, I have developed some code which implements the
SYSKEY2 scheme for protecting the SAM database.  You can get it from:

(The code isn't really private; I've put it in a directory which is
semi-hidden so I don't have lots of clueless people asking what it
does and how they can use it.)

There is also a replacement for Samba's random number generator, which
produces a random stream based on the SYSKEY2 value.  The reason is
that I discovered a security hole in the old one, assuming that I
understood the code right.

To begin with, assume that we are running on a Unix with a traditional
rand() function (not Linux, for example).  On the first call to
generate_random_buffer(), md4_buf is all zeroes.  The rand() function
is then seeded with a value which we will assume for the moment is

Subsequently there are some cryptographic operations that do quite a
good job of mixing everything up.  However, a traditional rand()
function only has 32 bits of state, so it would be quite feasible to
brute force it.  Eventually you find a seed that generates the random
number stream that you see on the network.

Based on my quick look at the code, I think it may be secure after
that; it will gradually accumulate entropy in md4_buf, meaning that as
the server continues to run the random numbers will become less
predictable.  On the other hand, if you had watched the server since
it started up, you would be able to break the random number generator
"32 bits at a time".  You start off breaking it as described above,
then each time it is reseeded you repeat the exercise, allowing you to
track the random number generator's state over a long period.

      phone +44 (0) 20 8542 7856, fax +44 (0) 20 8543 0176, post:
  Skygate Technology Ltd, 8 Lombard Road, Wimbledon, London, SW19 3TZ
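Added example (not Pete's code and not Samba's): a toy Python model of the pattern the message describes, where the 32-bit rand() seed is the only secret input to the mixing. SHA-256 stands in for MD4 and the LCG constants are illustrative (both assumptions); `distinct_streams` shows that hashing cannot raise the number of possible output streams above 2^seed_bits, and `strong_random_buffer` models the fix of keying the stream from a long secret plus OS randomness.

```python
import hashlib
import secrets

class ToyRand:
    """Stand-in for a traditional libc rand(): the entire state is one
    32-bit word, so there are only 2**32 possible output streams.
    The LCG constants are illustrative, not Samba's or any libc's."""

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def rand(self) -> int:
        self.state = (1103515245 * self.state + 12345) & 0xFFFFFFFF
        return (self.state >> 16) & 0x7FFF  # classic RAND_MAX = 32767

def weak_random_buffer(seed: int, nbytes: int) -> bytes:
    """Model of the pattern the post describes: the mixing buffer starts
    all zero, rand() is seeded with a small value, and a hash mixes the
    two. The hash (SHA-256 here, standing in for MD4) hides the state
    but cannot add entropy that the seed never had."""
    rng = ToyRand(seed)
    mix_buf = bytes(32)  # md4_buf is all zeroes on the first call
    out = b""
    while len(out) < nbytes:
        raw = b"".join(rng.rand().to_bytes(2, "big") for _ in range(8))
        mix_buf = hashlib.sha256(mix_buf + raw).digest()
        out += mix_buf
    return out[:nbytes]

def distinct_streams(seed_bits: int, nbytes: int = 16) -> int:
    """Count the distinct streams over every seed of `seed_bits` bits.
    Whatever the mixing does, the count is capped at 2**seed_bits, which
    is why a 32-bit seed leaves the whole generator tractable to search."""
    return len({weak_random_buffer(s, nbytes) for s in range(1 << seed_bits)})

def strong_random_buffer(secret: bytes, nbytes: int) -> bytes:
    """Hardened variant (my modelling of the post's fix, not its code):
    the stream is keyed by a long secret, such as the SYSKEY2 value, plus
    fresh OS randomness, so no 32-bit search space exists."""
    nonce = secrets.token_bytes(32)
    out, counter = b"", 0
    while len(out) < nbytes:
        block = secret + nonce + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:nbytes]
```

Running `distinct_streams(8)` enumerates all 256 eight-bit seeds and finds exactly 256 streams, the bound the seed imposes regardless of the hash in front of it.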
