none
Issue with MD5CryptoServiceProvider classin System.Security.Cryptography namespace RRS feed

  • Question

  • Hi Team,


    We have developed a Class Library which is used to encrypt and decrypt the data. This library is used to create files in an application.

    The application use the security library to encrypt the data before a file is created in the users machine and decrypt the data when a user upload the file from his machine.

    We used MD5CryptoServiceProvider algorithm to get the HASH key and that Hash is used to encrypt/decrypt the data using TripleDESCryptoServiceProvider class provided by dot net framework.


    We deploy three version of the application and our uses created many files using the library. All the files will be stored in the users machine at the path selected by the user.


    Now certain users complained that they can not use the library because of an exception  "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."


    The root cause of this issue is the security setting "System.Cryptography: Use FIPS compliant algorithm for encryption/Decryption/Hashing and signing " in the user machine is enabled.


    All the user machines belonging to certain area has this setting enabled by default and due to some security reason they can not disable this setting.


    We can not ask all our users to migrate to new version of our tool and we want backward compatability to be maintained.

    So If we replace the MD5 algorithm to some FIPS compliant algorithm then the files created in old version of my tool will not work because those files were encrypted using a MD5 algorithm. Those files were also stored in user's machine and hence we can't track those files as well.


    For this reason we are not in a position to replace the algorithm

    Please tell me if there is any patch available for download to fix the FIPS issue for MD5 algorithm.


    Please provide your views suggest us a solution for this issue.

    Regards

    N.S.A Sarma Pendyala.

    Monday, July 27, 2015 10:10 AM

Answers

  • Hi Kristin,

    We are able to resolve the issue by configuring below setting related to FIPS setting in Config file.

    <configuration>

        <runtime>

            <enforceFIPSPolicy enabled="false"/>

        </runtime>

    </configuration>

    Tuesday, August 4, 2015 2:32 PM

All replies

  • Hi N.S.A Sarma Pendyala.

    Have you tried to fix using the following workaround?

    To download this hotfix from the MSDN Code Gallery, visit the following Microsoft Web site:

    For more detailed information, please refer to the following KB support.

    FIX: Error message in FIPS-compliant systems when you use Windows Communication Foundation to serialize generic types: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms"

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Tuesday, July 28, 2015 9:59 AM
  • Hi Kristin,

    Thank you for your reply.

    I have tried accessing the link to download the patch before posting this question.

    But for some reason I got retired content message in that page.

    Could you please attach the Microsoft Patch in this ticket or let me know how to download the patch?

    Also could you please brief about this Patch?

    We have implemented MD5 in a WPF application and our users have already created some files encrypted in their machines using our library.

    Is the patch required to install in all the client machines?

    Regards,

    Sarma.

    Tuesday, July 28, 2015 11:21 AM
  • Hi Kristin,

    Thank you for your reply.

    I have tried accessing the link to download the patch before posting this question.

    But for some reason I got retired content message in that page.

    Could you please attach the Microsoft Patch in this ticket or let me know how to download the patch?

    Also could you please brief about this Patch?

    We have implemented MD5 in a WPF application and our users have already created some files encrypted in their machines using our library.

    Is the patch required to install in all the client machines?

    Regards,

    Sarma.

    Hi Kristin,

    We are looking for some support on this issue.

    Please reply is any work around for this issue.

    Thursday, July 30, 2015 10:08 AM
  • Hi N.S.A Sarma Pendyala.

    Have you tried to fix using the following workaround?

    To download this hotfix from the MSDN Code Gallery, visit the following Microsoft Web site:

    For more detailed information, please refer to the following KB support.

    FIX: Error message in FIPS-compliant systems when you use Windows Communication Foundation to serialize generic types: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms"

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Hi Kristin,

    What is the proper way to report a broken or not working link to Microsoft?

    In this case the link to the article works but the link you posted for downloading the patch, which is the same link in the article, eventually times out. Faulty link: http://code.msdn.microsoft.com/KB935434



    Mark as answer or vote as helpful if you find it useful | Igor

    Thursday, July 30, 2015 10:58 AM
  • Hi Sarma,

    Yes, I also noticed the link is overdue. In my experience, Microsoft will include the fix in the later updates. As it is a very old patch, if windows and .net framework is update to date. I guess the fix had already been applied.

    So please check if the problematic machines are up to date. If the issue persist at that kind of situation. I guess the issue could be caused by more complicated reasons. Which will be very hard to handle in this forum. I suggest you submit a MS ticket for more specific help.

    Phone support channel: https://msdn.microsoft.com/en-us/library/bb266240.aspx

    Best regards,

    Kristin 


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    • Edited by Kristin Xie Thursday, July 30, 2015 2:03 PM
    Thursday, July 30, 2015 2:01 PM
  • Hi Kristin,

    We are able to resolve the issue by configuring below setting related to FIPS setting in Config file.

    <configuration>

        <runtime>

            <enforceFIPSPolicy enabled="false"/>

        </runtime>

    </configuration>

    Tuesday, August 4, 2015 2:32 PM
  • Hi Kristin,

    We are able to resolve the issue by configuring below setting related to FIPS setting in Config file.

    <configuration>

        <runtime>

            <enforceFIPSPolicy enabled="false"/>

        </runtime>

    </configuration>

    @Sarma,

    Glad to know you worked it out, and thanks for sharing your solution here. It also could be better to someone has the same issue.

    Have a nice day!

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, August 5, 2015 1:05 AM