The PBKDF2 algorithm is used in the SimpleMembership provider (Universal Provider) 2.0. Is it a non-FIPS-compliant algorithm? Please ensure the correct solution.
The PBKDF2 algorithm used in the SimpleMembership provider (Universal Provider) 2.0 is a non-FIPS-compliant algorithm.
If I am reading this correctly, there are three questions here. First, you are asking about an implementation detail of SimpleMembership. Second, you are asking if PBKDF2 is approved for use in FIPS validated cryptography. Third, you are asking if SimpleMembership's PBKDF is approved for use.
First
I seem to recall SimpleMembership uses a non-standard PBKDF. You should be using Rfc2898DeriveBytes in System.Security.Cryptography.
Generally speaking, the FIPS approved algorithms and validated implementations are located in System.Security.Cryptography
and they are non-managed. In fact, according to KB 811833, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting effects in Windows XP and in later versions of Windows:
Microsoft .NET Framework applications such as Microsoft ASP.NET only allow for using algorithm implementations that are certified by NIST to be FIPS 140 compliant. Specifically, the only cryptographic algorithm classes that can be instantiated are those that implement FIPS-compliant algorithms. The names of these classes end in "CryptoServiceProvider" or "Cng." Any attempt to create an instance of other cryptographic algorithm classes, such as classes with names ending in "Managed," cause an InvalidOperationException exception to occur.
Second
PBKDF2 is approved for use if it's using an approved hash. Since Rfc2898DeriveBytes uses HMAC/SHA-1, you will not be able to use it. NIST SP800-56 and SP800-57 are pretty clear about the choice of hashes for collision resistance.
However, your use case is a little different - SHA-1 is being used as a Pseudo Random Function (PRF). But I'm only aware of one exception where SHA-1 is allowed to be used as a PRF, and that's in TLS. The exception is a footnote in SP800-108 (IIRC).
Third
SimpleMembership's PBKDF is not approved for use.
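The answer above refers to the FIPS policy behaviour of System.Security.Cryptography and to Rfc2898DeriveBytes. The following is an added example, not code from the question, the answer, or the SimpleMembership/Universal Providers projects, that lets you observe both on your own machine: it reads the policy flag, tries a "Managed" hash class beside its "CryptoServiceProvider" and "Cng" counterparts to show which ones the policy blocks, and then derives a key with Rfc2898DeriveBytes. It assumes .NET Framework 4.x (where Rfc2898DeriveBytes defaults to HMAC-SHA1 as its PRF; .NET Framework 4.7.2 and later also expose an overload taking a HashAlgorithmName), and the salt, iteration count and password are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class FipsPolicyDemo
{
    static void Main()
    {
        // Reflects the "System cryptography: Use FIPS compliant algorithms..." policy
        // for this process (CryptoConfig.AllowOnlyFipsAlgorithms, .NET 2.0 SP1+).
        Console.WriteLine("AllowOnlyFipsAlgorithms = " + CryptoConfig.AllowOnlyFipsAlgorithms);

        // Under the policy, classes ending in "Managed" throw InvalidOperationException;
        // the "CryptoServiceProvider" and "Cng" wrappers over CAPI/CNG are allowed.
        TryHash("SHA256Managed", () => new SHA256Managed());
        TryHash("SHA256CryptoServiceProvider", () => new SHA256CryptoServiceProvider());
        TryHash("SHA256Cng", () => new SHA256Cng());

        // PBKDF2 (RFC 2898) via Rfc2898DeriveBytes. Salt, iteration count and password
        // are constructed sample values for this demo, not values from the page.
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        const int iterations = 100000;
        using (var kdf = new Rfc2898DeriveBytes("correct horse battery staple", salt, iterations))
        {
            byte[] derivedKey = kdf.GetBytes(32); // 256-bit output from HMAC-SHA1 PBKDF2
            Console.WriteLine("PBKDF2 salt: " + BitConverter.ToString(salt));
            Console.WriteLine("PBKDF2 derived key: " + BitConverter.ToString(derivedKey));
        }
    }

    // Instantiates a hash class and hashes a constant; reports whether the FIPS policy
    // blocked the instantiation.
    static void TryHash(string name, Func<HashAlgorithm> factory)
    {
        try
        {
            using (HashAlgorithm hash = factory())
            {
                byte[] digest = hash.ComputeHash(Encoding.UTF8.GetBytes("abc"));
                Console.WriteLine(name + ": OK " + BitConverter.ToString(digest));
            }
        }
        catch (InvalidOperationException ex)
        {
            // Raised under the FIPS policy for non-validated (Managed) implementations.
            Console.WriteLine(name + ": blocked (" + ex.Message + ")");
        }
    }
}
```

Run it once with the policy off and once with it on (Local Security Policy, Security Options) to see the "Managed" line flip from OK to blocked while the CryptoServiceProvider and Cng lines, and the Rfc2898DeriveBytes derivation, keep working.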