1

Is there is a way to override the MD5 functionality provided by MD5CryptoServiceProvider to make it FIPS validated? This is because I would like to keep the logic used in the application and not modifying MD5 for another hashing algorithm that might cause an impact further down the road.

jww
  • 97,681
  • 90
  • 411
  • 885
Eton B.
  • 6,121
  • 5
  • 31
  • 43

1 Answers1

10

As far as I know, MD5 is not a FIPS approved algorithm, and therefore any application that depends on it is likely out of compliance.

I suggest either using SHA1CryptoServiceProvider if you need your application to provide FIPS validated cryptography, or using the Bouncy Castle cryptography library (which does not honor the Windows FIPS policy setting) if your application either will not need to be FIPS-validated or uses MD5 for some non-security-related purpose.

jww
  • 97,681
  • 90
  • 411
  • 885
Jeffrey Hantin
  • 35,734
  • 7
  • 75
  • 94
  • 1
    Just to underscore- http://support.microsoft.com/kb/811833 "Additionally, any attempt to create an instance of a cryptographic algorithm that is not FIPS compliant, such as MD5, also causes an InvalidOperationException exception." – blowdart Dec 06 '11 at 23:49