ASP.net This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

StackOverflow https://stackoverflow.com/questions/13018808

Question

Hey all i am getting this error when trying to compare a password in my database using my ASP.net page.

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

The code looks like this:

Public Shared Function UserAuthentication(ByVal user As String, ByVal pass As String) As WebUserSession
  Dim strSQL As String = ""
  Dim strForEncryption As String = pass
  Dim result As Byte()
  Dim sHA1Managed As SHA1 = New SHA1Managed()
  Dim encryptedString As New System.Text.StringBuilder()

  result = sHA1Managed.ComputeHash(ASCIIEncoding.ASCII.GetBytes(pass))

  For Each outputByte As Byte In result
    'convert each byte to a Hexadecimal upper case string
    encryptedString.Append(outputByte.ToString("x2").ToUpper())
  Next

  strSQL &= "SELECT email, name, id, permission_id, username FROM (user) INNER JOIN user_per ON user.id = user_per.user_id "
  strSQL &= "WHERE(username = '" & user & "' And password = '" & encryptedString.ToString() & "')"

We recently had to update/lock down our server to be compliance with security holes and the like. But doing so caused this error for one of the websites we are hosting on the same server. Prior to all these security settings the web site worked just fine.

The odd part is that i am able to run the website local (debug mode) within VS 2010 and it does just fine. No errors at all.

Would anyone have any tips on how to go around this to make the website work again as it did before we added all these security settings to be complaint? We simply can not just disable it because that would cause our other websites to go out of compliance.

I've already tried the suggestions on these pages: http://blogs.msdn.com/b/brijs/archive/2010/08/10/issue-getting-this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptographic-algorithms-exception-while-building-outlook-vsto-add-in-in-vs-2010.aspx

http://social.msdn.microsoft.com/Forums/en/clr/thread/7a62c936-b3cc-4493-a3cd-cc5fd18b6b2a

http://support.microsoft.com/kb/935434

http://blogs.iis.net/webtopics/archive/2009/07/20/parser-error-message-this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptographic-algorithms-when-net-page-has-debug-true.aspx

http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html

Thanks.

Tried using this code as well

Dim p As String = Password.Text.ToString
Dim data(p) As Byte
Dim result() As Byte
Dim sha As New SHA1CryptoServiceProvider()

result = sha.ComputeHash(data)

The error is:

Conversion from string "S51998Dg5" to type 'Integer' is not valid.

And that error is on the line: Dim data(p) As Byte

Was it helpful?

Solution

According to this sha1managed is not fips compliant. It throws an InvalidOperationException because this class is not compliant with the FIPS algorithm.

You need to either disalbe FIPS compliance or use a FIPS compliant implementation. sha1cryptoserviceprovider I think is FIPS complaint.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top