fips

问题 I'm running into an issue with an ASP.NET 2.0 application. Our network folks just upped our security, and now I get the floowing error whenever I try to access the app: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." I've done a little research, and it sounds like ASP.NET uses the RijndaelManaged AES encryption algorithm to encrypt the ViewState of pages... and RijndaelManaged is on the list of algorithms that aren't FIPS compliant. We're

问题 I am trying to compile my program in visual studio and I am getting a FIPS Cryptographic algorithms error. I have checked the registry key and it is set to false. Any suggestions? 回答1: I had a hard time with this too. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa . Under a subkey you should see FipsAlgorithmPolicy . DELETE this registry entry and restart visual studio. REF: https://blogs.iis.net/webtopics/parser-error-message-this-implementation-is-not-part-of-the-windows

问题 I believe hash('sha256', $pw) is FIPS compliant, but I know for certain that an attack vector is possible with using that function. Also, there is no salt (so I would have to encounter that implementation and I would rather not). Is password_hash / password_verify FIPS compliant? 回答1: No. FIPS 140-2 does not certify password hashing algorithms. As such, password_hash cannot be FIPS compliant, because FIPS simply doesn't apply to it. To the best of my knowledge, the hash implementations used

问题 I want to disalbe fips in asp .net x64 application. In web.config I added <runtime> <enforceFIPSPolicy enabled = "false"> </runtime> I set debug to false. However my application do not work. Should I declare runtime section in < configSections > ? If yes then is it a proper line <section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/> 回答1: Solution only works for IIS >= 7

问题 I've enabled FIPS compliance mode in Windows 7, but now my code fails to compile with the following error: Source file 'whatever.cs' could not be opened ('This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.') I'm using SHA1 (hashing) and TripleDes (encryption) encryption. I also tried SHA512 and AES (256 bit key). I can't get the project to build any more, but I need to compile it to use FIPS Compliant algorithms. 回答1: Try making a blank C# app and

问题 Right now the only way I can get the RijndaelManaged algorithm to work on a computer with the Local Security Setting for FIPS turned on, is to disable it. It is a government computer, so I'm not sure how that will fly. I've seen posts on the msdn blog sites that say they are working on an AES FIPS compliant version, but I cant seem to find out anything more. Does anyone know when this might happen? 回答1: I never realized this before this question, but you're right. The constructor has this:

问题 Ok, this has been an ongoing issue for some time. I have been experimenting for a couple of months now and so far the only way I can get my applications to communicate with Windows Server 2008 R2 is to enable the "Use FIPS Compliant algorithms for encrypting, hashing, and signing" setting in the Group Policy of both the client and server machines. Once that is turned on (TLS 1.2 enabled and TLS 1.0 disabled in the registry of both client and server) it works. But, my dilemma is that I don't

问题 Is there is a way to override the MD5 functionality provided by MD5CryptoServiceProvider to make it FIPS validated? This is because I would like to keep the logic used in the application and not modifying MD5 for another hashing algorithm that might cause an impact further down the road. 回答1: As far as I know, MD5 is not a FIPS approved algorithm, and therefore any application that depends on it is likely out of compliance. I suggest either using SHA1CryptoServiceProvider if you need your

问题 My .NET 4.0 Web services are using libeay32.dll, which is compiled in VS2010 with the /FIXED option in order to be FIPS compliant. This means that libeay32.dll fails to load unless it gets to live in a certain address (0xfb00000). The exception thrown is: System.DllNotFoundException: Unable to load DLL 'some_dependent_library.dll': Attempt to access invalid address. The only way I know to help guarantee that libeay32.dll gets the right address is to load it in a Main() method before any other

问题 I am compiling OpenSSL with FIPS. When I tried running openssl binary in FIPS mode by exporting OPENSSL_FIPS=1, it is giving below error, 47657709811344:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232: My platform is Linux Suse. Please help. EDIT 1: I am using below command to build ./Configure no-idea fips --prefix=build/Linux.2.6.16_x86-64_gcc-4.1.2/result --with-fipslibdir=Current/lib/Linux.2.6.16_x86-64_gcc-4.1.2/ --with-fipsdir=Current