我在 Windows 操作系统的安全策略设置中启用了 FIPS 本地/组安全策略标志,但我不知道如何在 asp.net 中使用 FIPS 140-2 兼容随机数生成器生成 session ID。是否涉及编码或设置FIPS Local/Group Security Policy Flag后自动生成?
最佳答案
Effects of Setting FIPS Local/Group Security Policy Flag
When setting the FIPS local/group security policy flag, the behavior of several Microsoft components and products are affected. The most noticeable difference will be that the components enforcing this setting will only use those algorithms approved or allowed in FIPS mode. The specific changes to the products listed above are:
...
Any Microsoft .NET Framework applications, such as Microsoft ASP.NET or Windows Communication Foundation (WCF), only allow algorithm implementations that are validated to FIPS 140, meaning only classes that end in "CryptoServiceProvider" or "Cng" can be used. Any attempt to create an instance of other cryptographic algorithm classes or create instances that use non-allowed algorithms will cause an InvalidOperationException exception.
https://technet.microsoft.com/en-us/library/security/cc750357.aspx
关于c# - 如何在 asp.net 中使用符合 fips 140-2 标准的随机数生成器生成 session ID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34135355/