none
.Net and FIPS RRS feed

  • Question

  • i have enabled the
    "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled = 1

    to encrypt my hard drive with bitlocker (i have windows 7 ultimate x64)
    so i can't disable it because i have 2 partition of 1 terabyte encrypted with it and i can decrypt them ,
    they must stay encrypted with the fips policy

    but when i try to build a new Class Library project
    with visual studio 2010 beta 2 ultimate

    a regular blank class (classes are derived from object)
    when i try to compile it give me this error:

    "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."


    but i'm not using any of the managed cryptographic algorithms,

    can it be because that Object.GetHashCode() not using a fips compliant algorithm?


    although in .net 2.0, this is the implementation of Object.GetHashCode


    int m_dwHashCodeSeed = 0;
    Thread.GetNewHashCode()
    {
        m_dwHashCodeSeed = m_dwHashCodeSeed*(m_ThreadId*4 + 5) + 1;
        return m_dwHashCodeSeed;
    }

    Object.GetHashCode()
    {
        hashCode = GetThread().GetNewHashCode() >> 7;
    }

    and there isn't any throw of fips exception




    i think that maybe in the .net 3.0-4.0
    the implementation of Object.GetHashCode() Have Changed to use one of the managed cryptographic algorithms :

    in System.Security.Cryptography:

    AesManaged
    MD5Cng
    MD5CryptoServiceProvider
    RC2CryptoServiceProvider
    RijndaelManaged
    RIPEMD160Managed
    SHA1Managed
    SHA256Managed
    SHA384Managed
    SHA512Managed

    and those managed cryptographic algorithms are not Fips compliant , only some of the CNG algorithms (such as AES) are


    how can i solve/bypass it without changing the FipsAlgorithmPolicy in the registry?
    Tuesday, October 27, 2009 2:36 PM

Answers

  • The problem seems to originate from within the Visual Studio build process.  It definitely has nothing to do with the GetHashCode implementation.  If you close all your code windows in Visual Studio, you should be able to compile just fine (or at least that's what worked on my machine).  You may wish to report the problem at https://connect.microsoft.com/visualstudio/feedback.
    • Marked as answer by eryang Monday, November 2, 2009 7:47 AM
    Tuesday, October 27, 2009 4:25 PM