AJAX.NET and FIPS
We have a few sections of our application that are using AJAX.NET 5.7.25.1. Our server administrators have enabled FIPS and we are running into the following error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Call stack:
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
at MS.Utilities.MD5Helper.GetHash(Byte[] data)
at Ajax.AjaxRequestProcessor.Run()
at Ajax.AjaxHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Are the newer versions of the AJAX.NET libraries FIPS compliant?
Comments (2)
The fastest way to get this done here may be to just modify the AJAX.Net pro source directly to remove the offending call that uses the MD5 algorithm. Go get the source for the version of AJax.NET pro you're using from Codeplex. In AjaxPro/Utilities/MD5Helper.cs:
Replace the line...
with the line...
That should fix it. SHA1 is FIPS compliant per this page.
In this case... the only API that is being used is the ComputeHash() method, which both providers implement so...
Just by switching the crypto providers you should be able to compile and use the code without any other changes and without any annoying FIPS policy violation flags.
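The provider swap described in the answer above, as an added example for .NET Framework that is not part of the original answer and is not AjaxPro's source code. The names `FipsSafeHash` and `Probe` and the sample input are assumptions made for illustration; the probe reports what the runtime it is executed on actually permits.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not AjaxPro source. FipsSafeHash and Probe are hypothetical names.
static class FipsSafeHash
{
    // Same shape as the GetHash(Byte[] data) frame in the call stack,
    // but backed by SHA1CryptoServiceProvider instead of MD5CryptoServiceProvider.
    public static byte[] GetHash(byte[] data)
    {
        using (HashAlgorithm sha1 = new SHA1CryptoServiceProvider())
        {
            // 20-byte digest; MD5 produced 16 bytes, so anything that stores
            // or compares old hashes, or assumes their length, needs review.
            return sha1.ComputeHash(data);
        }
    }

    // Tries to construct a provider and reports whether the FIPS policy blocks it.
    public static string Probe(string name, Func<HashAlgorithm> factory)
    {
        try
        {
            using (HashAlgorithm alg = factory())
            {
                return name + ": allowed, " + (alg.HashSize / 8) + "-byte digest";
            }
        }
        catch (InvalidOperationException ex)
        {
            // Exception type that carries the error message quoted in the question.
            return name + ": blocked (" + ex.Message + ")";
        }
    }

    static void Main()
    {
        // True when the machine-wide FIPS policy is being enforced for this process.
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        Console.WriteLine(Probe("MD5CryptoServiceProvider", () => new MD5CryptoServiceProvider()));
        Console.WriteLine(Probe("SHA1CryptoServiceProvider", () => new SHA1CryptoServiceProvider()));

        byte[] sample = Encoding.UTF8.GetBytes("constructed sample input");
        Console.WriteLine("GetHash: " + BitConverter.ToString(GetHash(sample)));
    }
}
```

Running the probe on the affected server before and after the change confirms which provider the policy rejects without having to exercise the AJAX handler itself.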
Use of ANY MD5 hash algorithm in .NET is considered NON-FIPS compliant so this will always give that error. I'm not sure what the AjaxRequestProcessor might be doing with MD5, it might be some kind of viewstate operation. Altering your viewstate encryption algorithm to use 3DES instead of MD5 may help.
Try adding this key in your system.web section of the web.config file:
Full article about the workaround HERE.
Also, just having debug="true" in your web.config can cause this error to crop up as .NET uses MD5 for some debugging operations. Is debug="false" in your web.config?