WinSecWiki > Security Settings > Local Policies > Security Options > System Cryptography > Use FIPS compliant algorithms for encryption, hashing, and signing

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

FIPS stands for Federal Information Processing Standards 140-1 and 140-2. This setting impacts many if not all features of windows that use cryptography and impose minimum encryption algorithm and key length requirements.

Windows component	Impact
TLS/SSL (secure http and other secure sockets layer communication)	Restricted to Triple DES encryption algorithm for the TLS traffic encryption, only the Rivest, Shamir, and Adleman (RSA) public key algorithm for the TLS key exchange and authentication, and only the Secure Hashing Algorithm 1 (SHA-1) for the TLS hashing requirement
Encrypting File System (EFS)	Triple Data Encryption Standard (DES) encryption algorithm for encrypting file data supported by the NTFS file system
Terminal Services	Triple DES encryption algorithm for encrypting terminal services network communication
IPsec	Triple DES

Bottom line

Don’t enable this unless you really have to for FIPS compliance. It is likely to break some things – basically any application or feature that uses a non compliance algorithm such as MD5 or DES.

Upcoming Webinars

Additional Resources

System Cryptography

•	Force strong key protection for user keys stored on the computer
•	Use FIPS compliant algorithms for encryption, hashing, and signing

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.