In my view, SHA2 is a better algorithm, and I would expect that if the 
requirement was for SHA1, that you would still be OK if you were using a SHA2 
based algorithm that has been certified (I think Christopher Painter replied 
with a link that described some of the certified implementations).

... At least that has always been the case for the places I have consulted, 
your situation might be different.

-----Original Message-----
From: Jonathan Racine [mailto:jonathan.rac...@hybris.com] 
Sent: Friday, April 19, 2013 2:14 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Bundle creation error using FIPS

From what I can get out of the Domain Policies, only the SHA-2 algorithms were 
enabled. Official reason given is for PCI-Compliance.  At this point would 
that become a feature request in order to make Burn behave correctly using 
SHA1 or SHA2?


Jonathan Racine
Global Network Specialist
Phone +1 514 866 2664 x343
Mobile +1 438 985 3198
jonathan.rac...@hybris.com 

hybris Canada, Inc
999 de Maisonneuve Boulevard West
3rd Floor
Montreal, Quebec, Canada H3A 3L4
Fax +1 514 866 8404
www.hybris.com


-----Original Message-----
From: John H Bergman (XPedient) [mailto:john.berg...@xpdnt.com]
Sent: April-19-13 1:44 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Bundle creation error using FIPS

FIPS 180-1 indicates SHA-1
FIPS 180-2 indicates SHA-2

FIPS 180-4 makes this statement:
This Standard specifies secure hash algorithms - SHA-1, SHA-224, SHA-256, 
SHA-384, SHA-512, SHA-512/224 and SHA-512/256 - for computing a condensed 
representation of electronic data (message). When a message of any length less 
than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for 
SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, 
the result is an output called a message digest. The message digests range in 
length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms 
are typically used with other cryptographic algorithms, such as digital 
signature algorithms and keyed-hash message authentication codes, or in the 
generation of random numbers (bits).

Most of my clients prefer SHA-256 or SHA-384 depending on the characteristics 
of the data (I believe they are both SHA-2 algorithm based)

-----Original Message-----
From: Rob Mensching [mailto:r...@robmensching.com]
Sent: Friday, April 19, 2013 12:26 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Bundle creation error using FIPS

Does FIPS require SHA2 now? Burn currently expects SHA1 hashes.


On Fri, Apr 19, 2013 at 7:35 AM, Jonathan Racine <jonathan.rac...@hybris.com> wrote:

> Hi All,
> Using Wix toolset 3.7 or 4.0.12, I have created a really simple bundle 
> application using the WixStandardBootstrapper and am getting a stack 
> trace error because of FIPS.
>
> Here is what the bundle looks like :
> <Wix xmlns="http://wixtoolset.org/schemas/v4/wxs">
>     <Bundle Name="Bootstrap" Version="1.0.0.0" Manufacturer="Bootstrap"
> UpgradeCode="26CFE5FB-8CAA-4575-A58A-8994C39FF382" >
>         <BootstrapperApplicationRef
> Id="WixStandardBootstrapperApplication.RtfLicense" />
>         <Chain>
>             <MsiPackage Id="VPNClient" SourceFile="Setup.msi"
> Name="HybrisSSL.msi" />
>         </Chain>
>     </Bundle>
> </Wix>
>
> Candle.exe compilation works fine (using the -fips parameter). But 
> light fails with the following :
> light.exe : error LGHT0001 : This implementation is not part of the 
> Windows Platform FIPS validated cryptographic algorithms.
>
> Exception Type: System.InvalidOperationException
>
> Stack Trace:
>    at System.Security.Cryptography.SHA1Managed..ctor()
>    at WixToolset.Common.GetFileHash(FileInfo fileInfo)
>    at WixToolset.PayloadInfoRow.ResolvePayloadInfo(IPayloadInfo
> payloadInfo)
>    at WixToolset.PayloadInfoRow.FillFromPayloadRow(Output output, Row
> payloadRow)
>    at WixToolset.Binder.BindBundle(Output bundle, String bundleFile)
>    at WixToolset.Binder.Bind(Output output, String file)
>    at WixToolset.Tools.Light.Run(String[] args)
>
> Is FIPS implemented to Burn yet or is it still in the works ?
>
> Thanks for your help!
>
> Jonathan
>
> ----------------------------------------------------------------------
> -------- Precog is a next-generation analytics platform capable of 
> advanced analytics on semi-structured data. The platform includes APIs 
> for building apps and a phenomenal toolset for data science.
> Developers can use our toolset for easy data analysis & visualization. 
> Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> WiX-users mailing list
> WiX-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wix-users
>
>
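The failure in the stack trace above, reproduced next to a hash routine that still works when the Windows FIPS policy is enforced. This is an added example for .NET Framework, not code from the WiX project or from anyone in the thread; `FipsSafeHash`, its `GetFileHash` helper and the sample file are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class FipsSafeHash
{
    // Hypothetical helper, not WiX's Common.GetFileHash.
    // The *CryptoServiceProvider classes delegate to the Windows CryptoAPI
    // modules, so their constructors do not throw under the FIPS policy.
    // The *Managed classes (SHA1Managed in the stack trace) do throw.
    public static string GetFileHash(string path, bool useSha256 = false)
    {
        using (HashAlgorithm hash = useSha256
            ? (HashAlgorithm)new SHA256CryptoServiceProvider()
            : new SHA1CryptoServiceProvider())
        using (FileStream stream = File.OpenRead(path))
        {
            return BitConverter.ToString(hash.ComputeHash(stream)).Replace("-", "");
        }
    }

    static void Main()
    {
        // Constructed sample input: a temporary file containing "abc".
        string path = Path.GetTempFileName();
        File.WriteAllText(path, "abc");
        try
        {
            // True when the machine policy restricts .NET to validated algorithms.
            Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
            try
            {
                // Same constructor that fails in light.exe on a FIPS-enforced host.
                using (new SHA1Managed()) { }
                Console.WriteLine("SHA1Managed: constructed (policy not enforced)");
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine("SHA1Managed: " + ex.Message);
            }
            Console.WriteLine("SHA-1:   " + GetFileHash(path));
            Console.WriteLine("SHA-256: " + GetFileHash(path, true));
        }
        finally
        {
            File.Delete(path);
        }
    }
}
```

Swapping the class only removes the constructor exception; it does not change which digest Burn expects, so a move from SHA-1 to SHA-256 would still need matching support in the engine.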