LIMS-plus v5 uses the AesCrypto ServiceProvider class of the Microsoft .Net framework for password encryption, which performs symmetric encryption and decryption using the Cryptographic Application Programming interfaces (CAPI) implementation of the Advanced Encryption Standard (AES) algorithm.
The following information appears on the Microsoft website:
In Windows XP and in later versions of Windows, if you enable the following security setting either in the Local Security Policy or as part of the Group Policy, you inform applications that they should only use cryptographic algorithms that are FIPS 140 compliant and in compliance with FIPS approved modes of operation.:
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
When this security setting is active, Microsoft .NET framework applications such as Microsoft ASP.NET only allow for using algorithm implementations that are certified by NIST to be FIPS 140 compliant. Specifically, the only cryptographic algorithm classes that can be instantiated are those that implement FIPS-compliant algorithms. The names of these classes end in "CryptoServiceProvider" or "Cng."
FIPS-compliant classes in the System.Security.Cryptography namespace within the System.Core (in System.Core.dll) assembly include:
- AesCryptoServiceProvider (first implemented in .NET Framework 3.5)
- SHA256CryptoServiceProvider (first implemented in .NET Framework 3.5)
- SHA384CryptoServiceProvider (first implemented in .NET Framework 3.5)
- SHA512CryptoServiceProvider (first implemented in .NET Framework 3.5)