For example, Microsoft provides both SHA1Managed and SHA1CryptoServiceProvider (Unmanaged) as implementations of SHA1.
What, if any, are the advantages and disadvantages of using the unmanaged implementation instead of the managed implementation?
Thanks for any help!
Update:
The answers from SLaks, Chochos, and fejesjoco were very useful, but I chose SLaks because he asked me to. 🙂
As a summary, choose:
- Managed – If you are unsure whether your platform supports the unmanaged implementations (i.e. if you’re deploying to Azure).
- Unmanaged – If you need to comply with the Federal Information Processing Standard (FIPS) and/or you wish to take advange of hardward acceleration.
The CSP implementation is FIPS-certified.
If FIPS is enabled in Local Security Policy, the *Managed classes will throw an exception.