Replacement of sha256managed in SQL server, FIPS validation

Question

0.00/5 (No votes)

See more:

Dear Friends,

I am getting below error

Quote:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

i found that, below piece of code is giving me error which i am using to encrypt my string value

Dim passwordBytes() As Byte
          Dim hashBytes() As Byte
          passwordBytes = System.Text.Encoding.Unicode.GetBytes(password)
          hashProvider = New SHA256Managed
          hashProvider.Initialize()
          passwordBytes = hashProvider.ComputeHash(passwordBytes)
          hashedPassword = Convert.ToBase64String(passwordBytes)

now, i have to migrate or replace same version in SQL server.

Kindly help.

What I have tried:

I have checked with

hashbytes()

but encrypted string is not matching with existing encrypted string.

Posted 28-Jun-17 2:07am

Magic Wonder

Updated 29-Jun-17 12:16pm

v3

Add a Solution

Comments

Afzaal Ahmad Zeeshan 28-Jun-17 9:21am

Do you need to upgrade the hashes of passwords, that were stored using SHA256, and you upgraded it, or what?

Magic Wonder 29-Jun-17 2:12am

Hi, Kindly check updated question.

2 solutions

Solution 2

A better idea would be to turn FIPS off. This is a policy setting in Windows. It disallows the use of any cryptographic algorithm that is not on the list of approved algorithms, meaning you can't use known-broken algorithms, like MD5 and SHA.

This is a problem since there are tons of things still using MD5 and SHA, like the compilers in Visual Studio, file hashing tools, and certificate tools.

We had it turned on for about a year and half before we were forced to turn it off because of all the problems it caused.

Microsoft even recommends turning it off[^] now too.

Posted 29-Jun-17 12:16pm

Dave Kreskowiak

Comments

Magic Wonder 3-Jul-17 9:43am

Thanks for your suggestion. But we have to keep FIPS ON.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Accepted Answer · 2017-06-29T10:36:00

Solution 1

If you're just looking for a FIPS-compliant version of SHA256, you should use SHA256Cng[^].

New Crypto Algorithms in Orcas – .NET Security Blog[^]:
... these hash algorithms are just wrappers around the Windows implementations of the algorithms, and therefore are FIPS compliant versions of the SHA-2 algorithms ...

Posted 29-Jun-17 10:36am

Richard Deeming

Comments

Magic Wonder 30-Jun-17 3:24am

Thanks for update on same. However, it is not appearing in System.Security.Cryptography namespace. Do i need to add any reference?

Richard Deeming 30-Jun-17 7:29am

It's in the System.Core assembly.

Magic Wonder 3-Jul-17 9:42am

Thanks for response. It is helpful.