Two years ago, our support team received a request from a customer, which said that our product doesn’t works in a specific machine.
After further investigations we found the problem, but it was very difficult to detect what’s exactly make this machine different from others and which configuration cause the problem?
The source of the problem was this registry key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
What’s fips in this registry key is related to?
From Wikipedia:
Federal Information Processing Standards (FIPS) are publicly announced standardizations developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract. The purpose of FIPS is to ensure that all federal government and agencies adhere to the same guidelines regarding security and communication.
The FIPS 140-2 is used to accredit cryptographic modules. And MD5 is not FIPS compliant.
By default the FIPS mode is disabled in windows machines, however the user could enable it if he want, and if so, your software will stop running as expected if you use the MD5 hash algorithm.
Microsoft doesn’t recommend enabling FIPS as explained in this article, but the possibility to enable it still exist and we cannot force our customers to disable it.
In our case we are lucky that the customer helped us to understand this issue, but in many cases it will be very difficult to understand its origin.
As conclusion it’s better to avoid the MD5 hashing algo for windows developement.