I used Rijndael algorithm to encrypt/decrypt my data. But it is not FIPS compatible. I want to change it to another one. Could you please give me a suggestion that which one is better? Better means:
我使用Rijndael算法来加密/解密我的数据。但它不兼容FIPS。我想把它改成另一个。能否请你给我一个更好的建议?更好的方法:
- FIPS compatible
- High security level
- This algorithm should came from dotnet 2.0 framework which provided by Microsoft.
安全性高
该算法应该来自微软提供的dotnet 2.0框架。
Thanks
-Jamebo
1 个解决方案
#1
You can use AES 256, many vendors use it and got their FIPS certification.
The thing is that is not enough to use the "proper" encryption algorithm in order to be FIPS compliant, you need to subject your system for testing by the NIST.
您可以使用AES 256,许多供应商使用它并获得FIPS认证。问题是,为了符合FIPS标准,使用“正确的”加密算法是不够的,您需要对系统进行NIST测试。
Edit: someone already did a test on all .NET 2.0 & 3.5 providers to see if they are FIPS compliant.
编辑:有人已经对所有.NET 2.0和3.5提供商进行了测试,看他们是否符合FIPS标准。
long story short:
长话短说:
Under .NET 2.0 the following are supported:
DESCryptoServiceProvider
DSACryptoServiceProvider
RSACryptoServiceProvider
TripleDESCryptoServiceProvider
在.NET 2.0下,支持以下内容:DESCryptoServiceProvider DSACryptoServiceProvider RSACryptoServiceProvider TripleDESCryptoServiceProvider
#1
You can use AES 256, many vendors use it and got their FIPS certification.
The thing is that is not enough to use the "proper" encryption algorithm in order to be FIPS compliant, you need to subject your system for testing by the NIST.
您可以使用AES 256,许多供应商使用它并获得FIPS认证。问题是,为了符合FIPS标准,使用“正确的”加密算法是不够的,您需要对系统进行NIST测试。
Edit: someone already did a test on all .NET 2.0 & 3.5 providers to see if they are FIPS compliant.
编辑:有人已经对所有.NET 2.0和3.5提供商进行了测试,看他们是否符合FIPS标准。
long story short:
长话短说:
Under .NET 2.0 the following are supported:
DESCryptoServiceProvider
DSACryptoServiceProvider
RSACryptoServiceProvider
TripleDESCryptoServiceProvider
在.NET 2.0下,支持以下内容:DESCryptoServiceProvider DSACryptoServiceProvider RSACryptoServiceProvider TripleDESCryptoServiceProvider