Is there an alternate hashing algorithm to MD5 for FIPS-enabled systems?

4

27

Whenever I try to use MD5 on a Windows XP machine that has FIPS enabled, I am getting a System.InvalidOperationException.

Is there an alternate algorithm that I should use instead of MD5 on FIPS?

Ethmoid answered 3/2, 2011 at 23:48 Comment(2)
QUICK NOTE: If FIPS Algorithm Policy is enabled on your Windows Server, the default Cryptography Providers located within System.Cryptography library will SHUT OFF. Keep this in mind when choosing solutions because System.Cryptography providers will NO LONGER be available. TO SEE POLICY STATUS: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy – Daphie
This answer on a duplicated question provides an alternative. – Gebhardt
20

MD5 is not FIPS compliant. Instead of MD5, you can use one of the following hashing algorithms:

Ferrin answered 4/2, 2011 at 0:0 Comment(12)
HMACSHA1 and MACTripleDES are both keyed, and serve a different purpose to plain hashes. They're not really direct replacements for MD5. – Guddle
You are right, but using a constant key can be enough to be a valid replacement. The SHA1CryptoServiceProvider is probably the most appropriate in this case. All the HMACSHAxxx need a key :( – Ferrin
Going with SHA1CryptoServiceProvider – Ethmoid
@qazwsx: Why are you choosing not to go with SHA512CryptoServiceProvider? As I said before, I can't think of a compelling reason not to use SHA512. It's far more secure than SHA1, which has almost certainly been deprecated among security professionals. I imagine that future implementations of FIPS will disallow it as well. – Glomerule
MD5 is a 128-bit algorithm, so if MD5 was enough, SHA1 will be enough too, because it is a 128-bit algorithm too. It's true that SHA1 is not a very secure hashing algorithm, maybe we can say that it is insecure, and maybe it's true, but it is at least more secure than the initial algorithm, MD5. In some applications where you only want to have non-plain text, it can be enough; it's quick and small. You can always use a stronger version of the SHA algorithm as you suggest; if the security is important you should do it. – Ferrin
@Borja: Maybe you didn't read the question. The MD5 was not enough. It fails to comply with FIPS standards for a reason. There's absolutely no reason to ever use anything but the most secure algorithm possible. It doesn't require any extra work, it's already built in to the Framework. All you have to do is type a different number. I don't really know what your point is about SHA1 being more secure than plain text. Yeah, sure, but that's not the standard by which we measure encryption. This is just generally bad advice. – Glomerule
@CodyGray it's simply not true that there is 'absolutely no reason to ever use anything but the most secure algorithm' - security is always a tradeoff, and depending on the application, you need to consider such things as performance, storage requirements and interoperability – Gilbertson
@Cody Gray: Sometimes hashes are simply hashes for comparing fingerprints, not security-related or password hashes. – Monomerous
Be mindful of the context, @Scott. The question is about meeting mandated FIPS standards. – Glomerule
I came across this post because I'm deploying to a FIPS-mandated machine. Here, the particular use case doesn't require strong cryptographic security, even though the machine simply blacklists MD5. Which, in my case, is overboard and a nuisance. – Monomerous
I can see blacklisting MD5 for new hashes...but can you still check an MD5 hash that was PREVIOUSLY GENERATED back when MD5 was still recommended? – Brazilein
@JensFiederer the answer is "no". You are only allowed to use FIPS validated methods. For example, when you enable FIPS mode on Windows it actually blocks certain functions, like MD5, so the software will just crash if it's not expecting the hash to throw an exception. Happens all the time. – Manas
13

When you enforce FIPS compliance in the Windows security policy settings, you're asserting that you are only going to use FIPS-certified encryption and hashing algorithms. MD5 is not one of these approved hashing algorithms, and that's why the exception is being thrown.

The workaround is simple: choose a different hashing algorithm. The .NET Framework provides plenty of other options in the System.Security.Cryptography namespace. Select one of the SHA family of algorithms. I can't imagine any reason you would have to use MD5 as opposed to one of the alternatives.

Glomerule answered 3/2, 2011 at 23:53 Comment(4)
Are they all FIPS compliant or which one is a better alternative to MD5 that is FIPS compliant? – Ethmoid
@qazwsx: Any of the SHA family is FIPS compliant. They're sorted in alphabetical order on the page, so you'll see the whole group towards the bottom. I don't know any compelling reason not to use SHA512. – Glomerule
@CodyGray "I can't imagine any reason you would have to use MD5 as opposed to one of the alternatives." When interacting with a third party system that wants something MD5 hashed. – Magnitude
If FIPS Algorithm Policy is enabled on your Windows Server, the default Cryptography Providers located within System.Cryptography library will SHUT OFF. – Daphie
7

You can use MD5Digest from Org.BouncyCastle.Crypto.Digests

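using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Utilities.Encoders;

public class Md5Hasher
{
    // BouncyCastle's managed MD5 implementation; it does not go through
    // the Windows crypto providers.
    private readonly MD5Digest hash = new MD5Digest();

    // Returns the raw 16-byte MD5 digest of the input.
    public byte[] Hash(byte[] input)
    {
        hash.BlockUpdate(input, 0, input.Length);
        byte[] result = new byte[hash.GetDigestSize()];
        hash.DoFinal(result, 0); // DoFinal also resets the digest for reuse
        return result;
    }

    // Returns the upper-case hex MD5 digest of the string's UTF-16LE bytes.
    public string Hash(string input)
    {
        var data = System.Text.Encoding.Unicode.GetBytes(input);
        return Hex.ToHexString(Hash(data)).ToUpper();
    }
}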
Biotin answered 4/9, 2018 at 12:25 Comment(2)
This is the best answer to the issue that I've seen anywhere. – Spirit
You can use it and it will not error, but it is NOT FIPS compliant. – Noontide
3

For cryptographic hashing purposes, you can use SHA1, SHA2, or SHA3, with HMAC if desired.

If you want to use MD5 for non-cryptographic purposes, then that is fine, but you will need to provide your own implementation. Examples include:

  • Hashing files to determine duplicates
  • Internal hash table implementations
  • Validating files from their provided MD5 hashes

The last point is questionable; validating SHA1/SHA2 hashes would be better, and it depends on the validation (e.g. was it corrupted in transit vs. packet authentication).

Receivership answered 19/11, 2021 at 15:6 Comment(0)
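
A SHA-512 replacement for an MD5 helper, as an added example (not code from any of the answers): it covers string hashing, file fingerprinting and checking a file against a published digest with SHA512CryptoServiceProvider, the class named in the comments above, and probes whether MD5 is blocked on the current machine. It assumes .NET Framework on Windows; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: names are illustrative, not from the original page.
public static class FipsSafeHash
{
    // Hex-encoded SHA-512 of a string (UTF-8 bytes).
    public static string HashString(string input)
    {
        using (var sha = new SHA512CryptoServiceProvider())
            return ToHex(sha.ComputeHash(Encoding.UTF8.GetBytes(input)));
    }

    // Streams a file through SHA-512, e.g. to detect duplicates.
    public static string HashFile(string path)
    {
        using (var sha = new SHA512CryptoServiceProvider())
        using (var stream = File.OpenRead(path))
            return ToHex(sha.ComputeHash(stream));
    }

    // Checks a file against a published SHA-512 hex digest (case-insensitive).
    public static bool VerifyFile(string path, string expectedHex)
    {
        return string.Equals(HashFile(path), expectedHex.Trim(),
                             StringComparison.OrdinalIgnoreCase);
    }

    // Probes whether MD5 can be constructed here. The question reports
    // InvalidOperationException when MD5 is used with FIPS enabled.
    public static bool Md5Available()
    {
        try { using (new MD5CryptoServiceProvider()) { return true; } }
        catch (InvalidOperationException) { return false; }
    }

    private static string ToHex(byte[] bytes)
    {
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    public static void Main()
    {
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        Console.WriteLine("MD5 available:        " + Md5Available());
        Console.WriteLine("SHA-512 of \"abc\":     " + HashString("abc"));
    }
}
```

Digests produced this way are 64 bytes (128 hex characters) rather than MD5's 16 bytes, so any column or field that stored the old MD5 value has to be widened before switching.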
