
FIPS validated cryptographic algorithms

Posted By:      Posted Date: May 22, 2011    Points: 0   Category :WPF
 

I have enabled the FIPS algorithm policy on our Windows Server 2008 machine. Now, any page that has a viewstate is abending with the following error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.



This is used in a web farm so we have a machine key defined in our machine.config. If I add decryption="3DES" to the end of that key everything works again. My guess is the default is AES which isn't FIPS compliant. I also noticed this is not an issue on my IIS 6.0 servers running Server 2003. Very similar setup.

Is there a better way to handle this situation? I read some articles about doing something similar in the app web config. The web.config worked fine. However, the machine.config change seems better because I won't have to change every application.

 






More Related Resource Links

SharePoint 2010 Installation Failed - FIPS validated cryptographic algorithms

  
Hi All,
We are trying to install SharePoint 2010 foundation on a Windows 2008 Standard-SP2 (NOT R2).
After installing SharePoint when we run the config wizard for the first time we get the below mentioned error. We have another box which hosts MS SQL Server 2008 and we noticed that the config database is created but the wizard fails during the Create Config Database step.
Local security policy for FIPS is disabled.

Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown.  Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.ComputeHash()
   at Microsoft.SharePoint.Administration.SPUserCodeService.UpdateValidatorsHash()
   at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
   at Microsoft.Sha

Tamper-Resistant Apps: Cryptographic Hash Algorithms Let You Detect Malicious Code in ASP.NET

  

Cryptographic hash algorithms produce fixed-length sequences based on input of arbitrary length. A given input always produces the same output, called a hash code. Using these algorithms, you can compute and validate hash codes to ensure that code running on your machine has not been tampered with or otherwise changed. ASP.NET provides a software mechanism for validating hash code fingerprints for every page requested by a client. In this article, the author shows how to use hash codes with ASP.NET applications to detect tampering and prevent malicious code from running when tampering is detected.

Jason Coombs

MSDN Magazine September 2002


FIPS compliance on web app; no workaround

  

We recently had FIPS Compliance enforced through Group Policy on our production servers.  In our development environment, we are setting the registry key to enforce FIPS, and we inserted the <machineKey> setting found elsewhere to use MD5 encryption in the ViewState.

However, the web application, which has been working for years, suddenly gets this error:

 

Server Error in '/' Application.

Parser Error

Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.

Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Source Error:

Line 1:  <%@ Application Codebehind="Global.asax.cs" Inherits="MyWebApplication.Global" %>

Source File: /global.asax    Line: 1


Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.40

Security Briefs: Cryptographic Agility

  

Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.

Bryan Sullivan

MSDN Magazine August 2009


Windows with C++: Exploring High-Performance Algorithms

  

See how you can gain efficiency in surprising ways by looking closely at your algorithms, the data they operate on, and the hardware you're designing for.

Kenny Kerr

MSDN Magazine October 2008


Genetic Algorithms: Survival of the Fittest: Natural Selection with Windows Forms

  

Genetic Programming is an evolutionary algorithm that employs reproduction and natural selection to breed better and better executable computer programs. It can create programs that implement subtle, non-intuitive solutions to complex problems. By taking a well-known example from the Genetic Programming community and implementing it with the .NET Framework, this article demonstrates that CodeDOM and Reflection provide all the facilities that are needed to do Genetic Programming effectively.

Brian Connolly

MSDN Magazine August 2004


C++ and STL: Take Advantage of STL Algorithms by Implementing a Custom Iterator

  

There are many benefits to using the Standard Template Library (STL) for C++ development, including the ability to use generic data structures and algorithms. To use the STL algorithms, an STL-conforming container is required. Iterating through the Internet Explorer cache is an informative exercise, but the cache is not an STL-conforming container. So, to use the STL algorithms to search and enumerate the Internet Explorer cache, an adapter is needed. Building such an adapter, an STL-conforming iterator, is the topic of this article. Also provided is an overview of the components of the STL and the Win32 Internet APIs used.

Samir Bajaj

MSDN Magazine April 2001


if 'other' from drop down is selected, the respective details textbox is now validated using a req

  
Hi, I'm developing a system with a number of drop down lists. One of the questions relates to the light conditions at the time of the incident (for example, it could be dark, poorly lit, dusk etc...)

One of the options on the drop down list is 'other'. (I argue with my client that if they're using dropdown lists, don't use other, but they disagree)

The next field is 'If other, please give details'. What I'm basically looking to achieve is to say that if you select 'other' from the dropdown list, the 'if other' field becomes required using a requiredfield validator. (and the reverse too, so if you choose a pre-populated answer such as 'dusk', the 'if other' field is not required.)

I have all my other validations working fine and my drop down list is populated from an SQLDatasource (not ASP.net Items)

My dropdown list id= ddlLight
My 'other' field id= txtbxLightOther
My required validator for the 'other' field id= requiredvalLightOther
My sqldatasource id= sqldatasourcelight

I'm thinking something like this, but it's not quite working for me:

If ddlLight.Text = ("other") Then
txtbxlightother...

Any assistance would be great. I've done this before and I'm frustrating myself as I can't seem to work it out!

Thanks
Mike

SSAS FIPS compliance encryption

  

I am trying to find out if SSAS processes are encrypted to FIPS compliant standards. We have been able to implement FIPS encryption for MSSQL but we have found no way of determining if SSAS standard encryption is FIPS compliant. As is my understanding SSAS files are encrypted by default but we are not aware that this encryption is FIPS compliant.

Does anyone know if SSAS encryption is FIPS compliant? and if so do you know how we could prove this to auditors? If SSAS standard encryption is not FIPS compliant does anyone know what we need to do to implement encryption at the FIPS compliance level?

The version of SSAS is 2008 x64. MSSQL is Enterprise 2008 x64.

much appreciated :-)

 

 

 

 


Fips Compliance of Analysis Services and Encryption of Cube Data

  

We have SQL Server successfully set up for FIPS compliance, but require to set up the same compliance for the encryption of data in Analysis Services 2008 Enterprise on the same Win 2008 server.

If we browse to the SAS data folder for our project on the FIPS compliant instance, we can view the data files and the data is visible in plain text, despite the security setting being set to DataProtectMode 1 (Encryption).

So my questions:

1. Is Analysis Services 2008 Enterprise FIPS compliant?

2. If it is, how do we set it up?

3. How do we prove to security auditors that it is set up and working in compliant mode?

We have done exhaustive searches of MSDN, Google, blogs, sql-cat etc. and found no relevant articles to answer these specific questions and are reluctant to go to chargeable support until we have exhausted other available avenues.

 

 Colin Robinson

 


Encryption and FIPS Compliance of Analysis Services 2008

  

We have SQL Server successfully set up for FIPS compliance, but require to set up the same compliance for the encryption of data in Analysis Services 2008 Enterprise on the same Win 2008 server.

If we browse to the SAS data folder for our project on the FIPS compliant instance, we can view the data files and the data is visible in plain text, despite the security setting being set to DataProtectMode 1 (Encryption).

So my questions:

1. Is Analysis Services 2008 Enterprise FIPS compliant?

2. If it is, how do we set it up?

3. How do we prove to security auditors that it is set up and working in compliant mode?

We have done exhaustive searches of MSDN, Google, blogs, sql-cat etc. and found no relevant articles to answer these specific questions and are reluctant to go to chargeable support until we have exhausted other available avenues.


CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired error

  

I have a VB.NET application running .NET 1.1. For users to log in, the login page has to decrypt the user login information. However, when I try to initialize RSACryptoServiceProvider, I get the "CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired" error.

Initializing Method

 

Public Sub AssignParameter() 
    Const PROVIDER_RSA_FULL As Integer = 1
    Const CONTAINER_NAME As String = "KeyContainer"
    Dim cspParams As CspParameters
    cspParams = New CspParameters(PROVIDER_RSA_FULL)
    cspParams.KeyContainerName = CONTAINER_NAME
    cspParams.Flags = CspPro

Which one is better - AES (Rijndael) or DES(Triple DES) encryption algorithms

  

Hi ,

 

Which one is better - AES (Rijndael) or DES (Triple DES) encryption algorithms?

- Is AES (Rijndael) superior to DES (Triple DES) based algorithms? If so, what's the use of Triple DES?

It would be great if you can share your views on this.

 

Regards,

SharePoint 2010 does not work when FIPS enabled

  
I have a SharePoint 2010 environment and when I enable FIPS, I do get "An unexpected error has occurred." message and nothing else. I have added <machineKey

validated duplication

  

Hi All.

In DetailForm I would like to validate TextBox1 when the user tries to save a record. How can I prevent saving a duplicate value? I would appreciate a sample.

Thanks.


How much web layer input (ex. GridView DataKeys) should be validated in the business layer?

  

Back in the day when we were mostly submitting forms from one page to another, we used to have to validate all post parameters to make sure that the ids somehow belonged to the user that was currently logged in. After all, you didn't want a "hacker" to be able to pull someone else's information. In a modern ASP.NET application, in a situation where a lot of these keys are part of server controls (ex. DataKeys of GridView) and are stored in ViewState, which is supposedly stamped with a hash that gets validated on every postback, does anyone still validate that the key that was retrieved in fact belongs to the user?

I currently do, my business layer methods tend to take an instance of a "profile" object that is maintained in session for each user, the profile contains all basic information including the company etc. that the user is associated with.  Having the profile in every business method I can validate that any piece of information requested by the web layer from the business layer does in fact belong to the user requesting it.  Another thought is that the library (business layer) can also be reused outside of ASP.NET where perhaps the input would not be as secure.  I am wondering if all of this is overkill as all of my basic GetSomething() methods tend to have extra trips to the database to make sure that an ID
