Microsoft no longer recommends "FIPS mode"

Microsoft no longer recommends using "FIPS mode" on their operating systems.

FIPS is the United States Federal Information Processing Standard, which defines the cryptographic algorithms approved for use by US Federal government computer systems.

Enabling FIPS mode in Windows enforces the use of only FIPS-validated cryptographic algorithms.

Why doesn't Microsoft recommend using FIPS mode any more? There are multiple reasons, but one is that the .NET Framework, which most Microsoft applications are coded in, supplies both FIPS and non-FIPS versions of the same cryptographic algorithms. The non-FIPS versions have been available much longer (and so are used more widely) and are usually much faster. If FIPS mode is enabled, the non-FIPS algorithms throw an error and the application fails.

So basically, if FIPS mode is enabled, most applications using cryptographic functionality fail.
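To see which implementations a given machine will accept, the following check can be run before changing the setting. It is an added example, not part of the original post or Microsoft's guidance. It assumes Windows PowerShell 5.1 (which runs on the .NET Framework); the registry path and class names are the standard Windows and .NET Framework ones and do not come from this page.

```powershell
# Added example: report the FIPS policy state and which .NET Framework
# implementations of SHA-256 and AES can be constructed under it.
# Assumption: Windows PowerShell 5.1, so the classes below are the
# .NET Framework ones.

# Windows stores the "FIPS mode" policy setting here (Enabled = 1 means on).
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$policy  = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
$registryEnabled = ($null -ne $policy) -and ($policy.Enabled -eq 1)

# What the .NET runtime in this process will actually enforce.
$runtimeEnforced = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
"FIPS policy in registry: $registryEnabled; enforced by .NET: $runtimeEnforced"

# Same algorithms, different implementations: the *Managed classes are pure
# .NET code, the *CryptoServiceProvider and *Cng classes wrap the Windows
# cryptographic modules.
$classes = @(
    'SHA256Managed',
    'SHA256CryptoServiceProvider',
    'SHA256Cng',
    'AesManaged',
    'AesCryptoServiceProvider',
    'RijndaelManaged'
)

$results = foreach ($name in $classes) {
    $fullName = "System.Security.Cryptography.$name"
    try {
        # The constructor is where a non-validated implementation fails.
        $instance = New-Object -TypeName $fullName -ErrorAction Stop
        $instance.Dispose()
        [pscustomobject]@{ Class = $name; Usable = $true; Error = '' }
    }
    catch {
        $message = $_.Exception.GetBaseException().Message
        [pscustomobject]@{ Class = $name; Usable = $false; Error = $message }
    }
}

$results | Format-Table -AutoSize -Wrap
```

Any class reported as not usable is one that an application built against it will fail on when the policy is enabled on that machine.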

More details can be found here.

Posted by John Faulds in