Closed gsxryan closed 4 years ago
thehoglet
commented
4 years ago @gsxryan Thanks for looking into this. Recently I ran code analysis over this app and those tools raised use of MD5 as an issue. Dumb of me to ignore it. Will switch to the SHA1 crypto provider for the next release.
gsxryan
commented
4 years ago MD5 is def a weak algo. No worries. Thank you for working on it for the next release! Out of curiosity, what do you use for code analysis for these apps? May come handy in my toolkit.
thehoglet
commented
4 years ago For code analysis in .NET: FxCop Analyzers
thehoglet
commented
4 years ago Fixed in v0.9.
No response from program, will not load when the following Windows 10 STIG is applied. https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63811
Solution: The software should support FIPS compliant algos. Unless it's something stronger, then the workaround should be sufficient for now.
Workaround: Powershell
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy" -Name "Enabled" -Value "0" -ForceAnd/Or Disable the GPO: Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings>> Local Policies >> Security Options >> "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" to "Disabled".