1. Prabal awasthi
  2. PowerBuilder
  3. Thursday, 6 July 2023 07:58 AM UTC

How PowerBuilder development environment meets the encryption requirements of the Federal Information Processing Standard (FIPS).

This is new for me and the client asked us to follow FIPS compliance. My question is -

Does PowerBuilder support FIPS? If yes, then how can I check/validate this? And if no, then what would be the workaround for this?

 

thanks

Prabal 

 

 

Accepted Answer
Miguel Leeuwe
  1. Thursday, 6 July 2023 08:49 AM UTC
  2. PowerBuilder

Hi,

Just my 2cts. Not an expert, but as far as I know, "FIPS compliant" and "FIPS validated" are terms used for encryption algorithms (only?).

I've just spent several days modifying our .Net code. We were using RijndaelManaged() for encryption, but that turns out to be outdated. So I changed everything to AesManaged(). Still not FIPS compliant. It turned out that all ...Managed() encryption options of .Net are non-compliant.

So in the end I changed everything to be "AesCryptoServiceProvider()" and that does seem to be FIPS compliant. (Let's see until when, because Microsoft likes to change stuff).

Now I know that I'm talking about .Net here and not PowerBuilder. If you look up the information on "CrypterObject" in the PB help, you'll see several encryption and decryption functions.

Just try them out, after setting your Registry setting:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy Enabled = 0x00000001

Not sure if there's anything other than encryption that could be FIPS compliant or not. Anyone?

regards.

Comment
  1. Miguel Leeuwe
  2. Thursday, 6 July 2023 08:57 AM UTC
This page explains quite well: https://www.sdxcentral.com/security/definitions/data-security-regulations/what-does-mean-fips-compliant/

Just click on the annoying popup that comes up and you can then read everything.
  1. Helpful 1
  1. Miguel Leeuwe
  2. Thursday, 6 July 2023 08:59 AM UTC
Is your customer a government related entity? There are people saying that FIPS compliance can make you LESS secure.

Just read this post: https://www.howtogeek.com/245859/why-you-shouldnt-enable-fips-compliant-encryption-on-windows/

  1. Helpful 1
  1. Miguel Leeuwe
  2. Thursday, 6 July 2023 09:02 AM UTC
Text from the previous link:

"It may sound like a way to boost your PC’s security, but it isn’t. You shouldn’t enable this setting unless you work in government or need to test how software will behave on government PCs."
  1. Helpful 1
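
The check suggested in the accepted answer above (read the FipsAlgorithmPolicy registry value, then try the encryption classes), written out as an added PowerShell example that is not part of the original thread. It assumes Windows PowerShell 5.1 on .NET Framework; the function names Get-FipsPolicyState and Test-CryptoClass are hypothetical, and the script only reads the registry, it does not change the policy.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
# Assumes Windows PowerShell 5.1 (.NET Framework). Read-only: the policy is not modified.
Add-Type -AssemblyName System.Core   # AesManaged / AesCryptoServiceProvider live here

$FipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    # Registry value named in the answer; $null if the value is absent.
    $reg = (Get-ItemProperty -Path $FipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        RegistryEnabled         = $reg
        # What the .NET runtime loaded in this process reports for the same policy.
        AllowOnlyFipsAlgorithms = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-CryptoClass {
    param([Parameter(Mandatory)][string[]]$TypeName)
    foreach ($name in $TypeName) {
        $row = [pscustomobject]@{ Type = $name; Instantiated = $false; Error = $null }
        try {
            # The constructor is where a class rejected under the policy fails.
            $obj = New-Object -TypeName $name -ErrorAction Stop
            $row.Instantiated = $true
            if ($obj -is [System.IDisposable]) { $obj.Dispose() }
        } catch {
            # Unwrap PowerShell's wrapper exception to get the runtime's own message.
            $row.Error = $_.Exception.GetBaseException().Message
        }
        $row
    }
}

Get-FipsPolicyState | Format-List

# The three classes discussed in the answer.
Test-CryptoClass -TypeName @(
    'System.Security.Cryptography.RijndaelManaged',
    'System.Security.Cryptography.AesManaged',
    'System.Security.Cryptography.AesCryptoServiceProvider'
) | Format-Table -AutoSize -Wrap
```

Run it once with the policy value at 0 and once at 1 and compare the two tables; which classes are refused depends on the .NET runtime version the process loads.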