Hi,
we recently tried installing an application using ReactJS.NET on a machine with the "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing" Group Policy enabled. There's more information on that policy here https://support.microsoft.com/en-us/kb/811833
The policy is causing the following exception to be thrown "System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithm" when trying to render components.
The issue is that in FileCacheHash.cs the hash algorithm used is MD5 and this isn't certified as FIPS compliant.
I believe it's a one-line change to fix this. I've tested changing creation of _hash to
private readonly HashAlgorithm _hash = SHA512.Create("System.Security.Cryptography.SHA512CryptoServiceProvider");
and that seems to work fine.
If that change sounds reasonable let me know and I'll submit a pull request.
(You can recreate this error by following the instructions to turn on the group policy at http://stackoverflow.com/a/13635742 and then trying to render any MVC page that includes a @HTML.React() line in it.)
Interesting, I didn't know about that setting. I used MD5 because it's fast and fine to use for file hashing (doesn't need to be cryptographically secure) but it's probably fine to change it to SHA512 instead. Feel free to send a pull request 😄
Do you know which algorithms are allowed when FIPS-compliant algorithms are enforced? I think using whichever one is fastest would be sufficient for this use case.
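A probe for the question raised above (which hash implementations can still be constructed once the policy is enforced), as an added example that is not ReactJS.NET code. It assumes .NET Framework on Windows; the class `CacheHashProbe`, its method names and the sample input are hypothetical.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not ReactJS.NET's FileCacheHash class.
public static class CacheHashProbe
{
    // Returns a hash object, or null when the FIPS policy rejects the implementation.
    public static HashAlgorithm TryCreate(Func<HashAlgorithm> factory)
    {
        try { return factory(); }
        // Thrown directly by a blocked implementation's constructor.
        catch (InvalidOperationException) { return null; }
        // The same failure, wrapped by the reflection-based Create() factories.
        catch (TargetInvocationException ex) when (ex.InnerException is InvalidOperationException) { return null; }
    }

    // Hex digest of the input, using a SHA-2 class backed by the Windows crypto provider.
    public static string Hash(string input)
    {
        using (HashAlgorithm sha = new SHA256CryptoServiceProvider())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }

    public static void Main()
    {
        // MD5 is listed only so the probe shows it being rejected under the policy.
        var candidates = new[]
        {
            Tuple.Create<string, Func<HashAlgorithm>>("MD5", () => MD5.Create()),
            Tuple.Create<string, Func<HashAlgorithm>>("SHA1CryptoServiceProvider", () => new SHA1CryptoServiceProvider()),
            Tuple.Create<string, Func<HashAlgorithm>>("SHA256CryptoServiceProvider", () => new SHA256CryptoServiceProvider()),
            Tuple.Create<string, Func<HashAlgorithm>>("SHA512CryptoServiceProvider", () => new SHA512CryptoServiceProvider()),
        };
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        foreach (var c in candidates)
        {
            // A null resource is permitted in a using statement.
            using (HashAlgorithm h = TryCreate(c.Item2))
                Console.WriteLine(c.Item1 + ": " + (h != null ? "usable" : "blocked by policy"));
        }
        Console.WriteLine(Hash("constructed sample input"));
    }
}
```

Run it once with the Group Policy off and once with it on to see which entries change; timing the usable entries on representative file sizes answers the "fastest" part.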