As the title asks, why does SHA512Managed encryption cause an InvalidOperationException when the FipsAlgorithmPolicy is active on a machine?
Is it not secure enough for the FIPS standard, or is it too secure?
FIPS is not a single standard but a wide set of standards.
“FIPS-compliant” is a redundant term – any implementation of the algorithm defined by FIPS is compliant, otherwise it would not interoperate with other implementations.
Now, there exists FIPS 140-2 – a set of rules (mostly administrative and IT-related, rather than pure programming-related) that define what can be treated as a “secure” environment.
Now we come closer … The algorithm can be “FIPS-certified”, that is, approved by a certified authority as one that meets the requirements of various standards including FIPS 140-2.
When you enable FIPS mode, you actually require that only FIPS-certified modules of Windows are used. And Windows does not have all crypto modules certified – certification is both expensive and time-consuming, so only a certain set of native (non-managed) modules is certified, and only specific versions of those modules are certified.
So to put it simply – the SHA512Managed class was not certified, so it doesn’t meet the policy requirements.
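Added example, not part of the original answer: on .NET Framework, code can check the policy through `CryptoConfig.AllowOnlyFipsAlgorithms` and pick a SHA-512 class that wraps the native Windows provider instead of the managed one. The class name `FipsAwareHash`, the method `CreateSha512` and the sample input are assumptions made for illustration; the project must reference System.Core for `SHA512Cng`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; targets .NET Framework on Windows.
static class FipsAwareHash
{
    // Returns a SHA-512 implementation that the machine's policy permits.
    static SHA512 CreateSha512()
    {
        if (CryptoConfig.AllowOnlyFipsAlgorithms)
        {
            // SHA512Cng is a thin wrapper over the native Windows CNG module,
            // so it is not rejected by the policy check.
            // SHA512CryptoServiceProvider (CAPI wrapper) is the other option.
            return new SHA512Cng();
        }
        // Without the policy, the pure managed implementation is usable.
        return new SHA512Managed();
    }

    static void Main()
    {
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);

        // Probe the managed class directly to observe the behaviour from the question.
        try
        {
            using (var managed = new SHA512Managed())
            {
                Console.WriteLine("SHA512Managed: constructed");
            }
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("SHA512Managed: rejected (" + ex.Message + ")");
        }

        // Constructed sample input; the digest is identical for every SHA-512 class.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample input");
        using (SHA512 sha = CreateSha512())
        {
            string hex = BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
            Console.WriteLine(sha.GetType().Name + ": " + hex);
        }
    }
}
```

The digest value does not depend on which class produced it, so switching implementations does not affect stored hashes or interoperability.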