0

I have a legacy application which is not FIPS compliant. When a user saves his password for the first time the encrypted password is saved in the database and the below algorithm is used to determine the encrypted password on login (which is then compared with the database value).

My question is can I replace these calls with FIPS compliant calls? (I tried changing the hash call to var hashmd5 = MACTripleDES.Create() but the TripleDESCryptoServiceProvider call fails with "Specified key is not a valid size for this algorithm.").

      using (var hashmd5 = new MD5CryptoServiceProvider())
      {
          byte[] pwdhash = hashmd5.ComputeHash(Encoding.ASCII.GetBytes(PasswordSalt));
          using (var des = new TripleDESCryptoServiceProvider {Key = pwdhash, Mode = CipherMode.ECB})
          {
             byte[] buff = Encoding.UTF8.GetBytes(password);
                           result = Convert.ToBase64String(des.CreateEncryptor().TransformFinalBlock(buff, 0, buff.Length)); 

          }
      }

If I do get this working, will I have to delete all the passwords and ask users to recreate their passwords?

Thanks

JD.
  • 15,171
  • 21
  • 86
  • 159
  • Why aren't you leveraging Active Directory to authorize users and credentials? If you have to ask this question, your probability of doing it correctly approaches zero. – Pieter Geerkens Mar 04 '15 at 17:34
  • Check hashmd5.HashSize property. From MSDN: _"This algorithm supports key lengths from 128 bits to 192 bits in increments of 64 bits."_. – Adriano Repetti Mar 04 '15 at 17:36
  • @PieterGeerkens : There is an active directory implementation in addition to this legacy implementation. I am trying to evaluate what is required if we change the above code. – JD. Mar 04 '15 at 17:40

1 Answers1

3

There is no FIPS 140-2 compliant .Net Framework implementation of the MD5 hash algorithm. You'll have to use SHA1 (System.Security.Cryptography.SHA1CryptoServiceProvider ) or SHA256 (System.Security.Cryptography.SHA256CryptoServiceProvider) instead.

Yes you will need to re-hash the passwords for it to work.

Kevin
  • 157
  • 3
  • Thanks Kevin. However the above code has an encryption part (TripleDESCryptoServiceProvider) which I am having difficulty trying to get to work. – JD. Mar 04 '15 at 23:32
  • First, if you are going to derive a key from a password, you should probably be using the Rfc2898DeriveBytes class instead of a hash algorithm. It is designed just for this and allows you to specify how many bytes it returns. The legal key size for TripleDESCryptoServiceProvider is 64 bits (8 bytes). Sha1 produces a digest of 160 bits (20 bytes) and Sha256 produces a 256 bit (32 byte) digest. So you'll have to take just the first 8 bytes of the hash output to use as your key. – Kevin Mar 13 '15 at 19:51