Whenever I try to use MD5 on a Windows XP machine that has FIPS enabled, I am getting a System.InvalidOperationException
.
Is there an alternate algorithm that I should use instead of MD5 on FIPS?
Whenever I try to use MD5 on a Windows XP machine that has FIPS enabled, I am getting a System.InvalidOperationException
.
Is there an alternate algorithm that I should use instead of MD5 on FIPS?
MD5 is not FIPS compliant. You can use instead of the MD5 one of the following hashing algorithms:
SHA512CryptoServiceProvider
? As I said before, I can't think of a compelling reason not to use SHA512. It's far more secure than SHA1, which has almost certainly been deprecated among security professionals. I imagine that future implementations of FIPS will disallow it as well. –
Glomerule When you enforce FIPS compliance in the Windows security policy settings, you're asserting that you are only going to use FIPS-certified encryption and hashing algorithms. MD5 is not one of these approved hashing algorithms, and that's why the exception is being thrown.
The workaround is simple: choose a different hashing algorithm. The .NET Framework provides plenty of other options in the System.Security.Cryptography
namespace. Select one of the SHA family of algorithms. I can't imagine any reason you would have to use MD5 as opposed to one of the alternatives.
You can use MD5Digest from Org.BouncyCastle.Crypto.Digests
MD5Digest hash = new MD5Digest();
public byte[] Hash(byte[] input)
{
hash.BlockUpdate(input, 0, input.Length);
byte[] result = new byte[hash.GetDigestSize()];
hash.DoFinal(result, 0);
return result;
}
public string Hash(string input)
{
var data = System.Text.Encoding.Unicode.GetBytes(input);
hash.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[hash.GetDigestSize()];
hash.DoFinal(result, 0);
return Hex.ToHexString(result).ToUpper();
}
For cryptographic hashing purposes, you can use SHA1, SHA2, or SHA3, with HMAC if desired.
If you want to use MD5 for non-cryptographic purposes, then that is fine, but you will need to provide your own implementation. Examples include:
The last point is questionable; validating SHA1/SHA2 hashes would be better, and it depends on the validation (e.g. was it corrupted in transit vs. packet authentication).
© 2022 - 2024 — McMap. All rights reserved.