MD5CryptoServiceProvider FIPS compliance

Question

Any ideas why MD5CryptoServiceProvider isn't throwing a FIPS compliance error. I'm using Win7 and the 3.5 framework. The MS documentation says its not FIPS compliant, but I'm not getting an exception like I was with some of the other algorithms.

--Update--
I get the FIPS exception from a console app, but not my ASP.Net app

Answer 1

Perhaps the web site has disabled the FIPS checking using something like this in web.config:

<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>

Do you have the same behaviour when you run the app in the ASP.NET development web server vs. IIS?

This guy had the opposite problem: enforceFIPSPolicy flag in web.config doesn't seem to working for web application