Subverting the you-are-in-France MSCrypto bozo bit

Rohit Khare (rohit@fdr.ICS.uci.edu)
Mon, 18 May 1998 13:38:26 -0700


Date: Fri, 8 May 1998 15:26:48 (NZST)
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>

The MS CryptoAPI mailing list recently carried an example of how an actual "You
are now in France" attack might work. It turns out that if you switch the
system-wide locale of an NT system to French, the encryption functionality of
CryptoAPI disables itself (signing and hashing still works). Conversely,
switching the locale from French to something French-related (Belgian, Swiss,
or Canadian French) reenables the crypto. Since NT allows per-thread locales,
it'd be interesting to see if you can selectively enable/disable the crypto for
a particular application without needing to change your system-wide locale
setting (set the system locale to French Canadian, then set the thread locale
to French so you get the UI acting as "French" French but the crypto acting as
Canadian French).

Peter.

------- End of Forwarded Message