jamesmontemagno
commented
3 years ago Ah interesting, never heard of FIPS.
I would just pull the code into your project and manually edit it as needed in this case.
Closed matthewclendening closed 2 years ago
jamesmontemagno
commented
3 years ago Ah interesting, never heard of FIPS.
I would just pull the code into your project and manually edit it as needed in this case.
matthewclendening
commented
3 years ago Yes, pulling the relevant code was definitely the best solution in this case. Anyone using the MonkeyCache.FileStore on a FIPS enabled system will need to modify Barrel.cs to not use MD5.Create(). As an alternative, use SHA256.Create() for example. (US government computers often have FIPS turned on)
jamesmontemagno
commented
3 years ago If you want to make a PR on it and put a boolean that flips to sha256.create() on it
matthewclendening
commented
3 years ago Sounds like a plan! PR submitted
If you turn on FIPS, interacting with a barrel will produce:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
... because of the use of the MD5CryptoServiceProvider. Looks like just changing to use the SHA1CryptoServiceProvider or SHA256CryptoServiceProvider would fix.
As far as I can tell, this is not configurable (by design) - correct? It would require a patch.