views:

120

answers:

1

I've read (but not tested) that Isolated Storage uses Sha1Managed, which is not FIPS-compliant?

Is that accurate, and can anything be done to use Isolated Storage on a FIPS-compliant WinXP SP2 box?

I've seen mention of "Isolated Storage" within both the ClickOnce and Silverlight spaces. I'd appreciate an informed answer regarding either (or both!).

A: 

Yes, Isolated Storage does use SHA1Managed internally, which is not FIPS compliant. You will get an exception thrown from within the initialisation of Isolated Storage if FIPS is enabled (with the message "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms").

The MSDN docs don't mention it in the main pages for Isolated Storage, but there is mention of it in this page. I haven't come across a method to get it to work with FIPS enabled - most suggestions are to implement a mechanism similar to Isolated Storage yourself using files encrypted with TripleDES.

adrianbanks