5

Any ideas why MD5CryptoServiceProvider isn't throwing a FIPS compliance error. I'm using Win7 and the 3.5 framework. The MS documentation says its not FIPS compliant, but I'm not getting an exception like I was with some of the other algorithms.

--Update--
I get the FIPS exception from a console app, but not my ASP.Net app

Tyler
  • 1,019
  • 12
  • 27
  • What other crypto methods throw exactly which exception? – Eric J. Sep 13 '11 at 01:16
  • RijndaelManaged was throwing the FIPS exception. I just tried MD5CryptoServiceProvider from a console app and it throws the exception, just not happening in my Asp.Net app. – Tyler Sep 13 '11 at 01:24
  • I would be VERY surprised if the same library method throws from a console app but not from an ASP.Net app. Can you post a very simplified code example demonstrating the issue? – Eric J. Sep 13 '11 at 02:38
  • Not much I can show, it throws an exception when the instance is created in the console app, but the same thing doesn't happen in my ASP.net app. – Tyler Sep 14 '11 at 17:13

1 Answers1

1

Perhaps the web site has disabled the FIPS checking using something like this in web.config:

<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>

Do you have the same behaviour when you run the app in the ASP.NET development web server vs. IIS?

This guy had the opposite problem: enforceFIPSPolicy flag in web.config doesn't seem to working for web application

Community
  • 1
  • 1
RobSiklos
  • 8,348
  • 5
  • 47
  • 77