I used the Rijndael algorithm to encrypt/decrypt my data, but it is not FIPS compatible. I want to change it to another one. Could you please suggest which one is better? Better means:

  1. FIPS compatible
  2. High security level
  3. The algorithm should come from the .NET 2.0 framework provided by Microsoft.

Thanks

-Jamebo

+1  A: 

You can use AES 256; many vendors use it and got their FIPS certification.
The thing is that it is not enough to use the "proper" encryption algorithm in order to be FIPS compliant; you need to subject your system to testing by the NIST.

Edit: someone already did a test on all .NET 2.0 & 3.5 providers to see if they are FIPS compliant.

Long story short:

Under .NET 2.0 the following are supported:

  - DESCryptoServiceProvider
  - DSACryptoServiceProvider
  - RSACryptoServiceProvider
  - TripleDESCryptoServiceProvider

Shay Erlichmen
System.Security.Cryptography.AES is provided in dotNet 3.5. I want an algorithm for dotNet 2.0. Is there another tip?
Jamebo
AesManaged Class (MSDN): If the Windows security policy setting for Federal Information Processing Standards (FIPS)-compliant algorithms is enabled, using this algorithm throws a CryptographicException.
Jamebo
The TripleDESCryptoServiceProvider constructor may throw an exception:

    if (!Utils.HasAlgorithm(0x6603, 0))
    {
        throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_AlgorithmNotAvailable"));
    }

So, when will this exception be thrown? In some old operating system? How about Win2000?
Jamebo
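
As an added example (not code from any poster in this thread), the following C# 2.0 code encrypts and decrypts with TripleDESCryptoServiceProvider, one of the providers listed in the answer, and catches the CryptographicException that the constructor raises when the CSP lacks the algorithm. The class name FipsTripleDes, its methods and the sample key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; FipsTripleDes and its members are hypothetical names.
static class FipsTripleDes
{
    // Creates the CAPI-backed provider. The constructor throws
    // CryptographicException if the installed CSP lacks the algorithm.
    static TripleDESCryptoServiceProvider Create(byte[] key)
    {
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.PKCS7;
        tdes.Key = key;                      // 24 bytes = three-key TripleDES
        return tdes;
    }
    // Returns IV || ciphertext, with a fresh random IV per message.
    public static byte[] Encrypt(byte[] key, byte[] plain)
    {
        using (TripleDESCryptoServiceProvider tdes = Create(key))
        {
            tdes.GenerateIV();
            byte[] iv = tdes.IV;
            using (ICryptoTransform enc = tdes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
                byte[] blob = new byte[iv.Length + ct.Length];
                Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
                Buffer.BlockCopy(ct, 0, blob, iv.Length, ct.Length);
                return blob;
            }
        }
    }
    public static byte[] Decrypt(byte[] key, byte[] blob)
    {
        using (TripleDESCryptoServiceProvider tdes = Create(key))
        {
            byte[] iv = new byte[tdes.BlockSize / 8];
            if (blob.Length < iv.Length) throw new CryptographicException("blob too short");
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
            tdes.IV = iv;
            using (ICryptoTransform dec = tdes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
        }
    }
    static void Main()
    {
        byte[] key = new byte[24];
        new RNGCryptoServiceProvider().GetBytes(key);   // constructed sample key
        try
        {
            byte[] blob = Encrypt(key, Encoding.UTF8.GetBytes("sample data"));
            Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, blob)));
        }
        catch (CryptographicException ex) { Console.WriteLine("Crypto failure: " + ex.Message); }
    }
}
```

CBC alone gives no integrity protection, so pair it with a MAC computed over the IV and ciphertext. NIST SP 800-131A Rev. 2 disallows TripleDES encryption after 2023, so where .NET 3.5 or later is available, the CAPI-backed AesCryptoServiceProvider is the better choice.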