Glossary

Boot key (syskey)

The 16-byte master key, hidden across four registry key class names in the SYSTEM hive, that seeds every Windows credential-encryption routine.

The boot key (or syskey) is a 16-byte value that Windows mixes into the encryption of the SAM database, LSA secrets, and the NTDS.dit PEK. It is not stored as a registry value — it is split across the class names of the JD, Skew1, GBG, and Data keys under SYSTEM\CurrentControlSet\Control\Lsa, then de-scrambled with a fixed permutation.

Because the key sits in the same SYSTEM hive that gets backed up alongside the SAM, offline decryption is deterministic once both files are obtained. See How the Windows boot key works.
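A defender can watch for one process touching all four of these keys in quick succession. The sketch below is an added example, not part of the original entry. It assumes object-access auditing (a SACL) is enabled on the four Lsa subkeys and that records carry the field names used by Security event 4663; the 10-second window, the `allow` parameter and the sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The four keys named in the entry; ControlSet numbers vary, so match on the tail.
BOOTKEY_PARTS = {"jd", "skew1", "gbg", "data"}
LSA_SUFFIX = "\\control\\lsa\\"
WINDOW = timedelta(seconds=10)  # assumed correlation window

def bootkey_part(object_name):
    """Return 'jd'/'skew1'/'gbg'/'data' if the path is exactly one of the four keys."""
    path = object_name.lower().rstrip("\\")
    head, sep, leaf = path.rpartition(LSA_SUFFIX)
    if sep and "\\" not in leaf and leaf in BOOTKEY_PARTS:
        return leaf
    return None

def find_bootkey_reads(events, allow=()):
    """Flag (host, pid, image) tuples that touched all four keys within WINDOW."""
    seen = defaultdict(dict)  # (host, pid, image) -> {part: latest access time}
    alerts = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        part = bootkey_part(ev["ObjectName"])
        if part is None or ev["ProcessName"].lower() in allow:
            continue
        key = (ev["Computer"], ev["ProcessId"], ev["ProcessName"])
        seen[key][part] = ev["TimeCreated"]
        times = seen[key]
        if len(times) == 4 and max(times.values()) - min(times.values()) <= WINDOW:
            alerts.append(key)
            seen[key] = {}  # reset so one burst yields one alert
    return alerts

T0 = datetime(2024, 1, 1, 12, 0, 0)

def _ev(sec, pid, image, leaf):  # constructed sample record, not real log data
    return {"TimeCreated": T0 + timedelta(seconds=sec), "Computer": "WS01",
            "ProcessId": pid, "ProcessName": image,
            "ObjectName": "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\" + leaf}

SAMPLE = ([_ev(i, 4321, "C:\\Temp\\unknown.exe", k)
           for i, k in enumerate(["JD", "Skew1", "GBG", "Data"])]
          + [_ev(1, 700, "C:\\Windows\\System32\\lsass.exe", "JD"),
             _ev(2, 700, "C:\\Windows\\System32\\lsass.exe", "Data")])

if __name__ == "__main__":
    for host, pid, image in find_bootkey_reads(SAMPLE):
        print(f"{host}: pid {pid} ({image}) opened all four boot-key keys")
```

Pass known-good image paths in lowercase through `allow` to suppress expected readers on a given fleet.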