Is there an alternate hashing algorithm to MD5 for FIPS-enabled systems?

Question

Whenever I try to use MD5 on a Windows XP machine that has FIPS enabled, I am getting a System.InvalidOperationException.

Is there an alternate algorithm that I should use instead of MD5 on FIPS?

Answer 1

MD5 is not FIPS compliant. You can use instead of the MD5 one of the following hashing algorithms:

• HMACSHA1
• MACTripleDES
• SHA1CryptoServiceProvider

Answer 2

When you enforce FIPS compliance in the Windows security policy settings, you're asserting that you are only going to use FIPS-certified encryption and hashing algorithms. MD5 is not one of these approved hashing algorithms, and that's why the exception is being thrown.

The workaround is simple: choose a different hashing algorithm. The .NET Framework provides plenty of other options in the System.Security.Cryptography namespace. Select one of the SHA family of algorithms. I can't imagine any reason you would have to use MD5 as opposed to one of the alternatives.