what algorithms will be supported when FIPS compliant algorithms are required (hi security systems). will they be used by IIS when SSL/TLS is required for a web site?

from: http://support.microsoft.com/kb/811834/ System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.If this setting is enabled, the security channel provider of the operating system is forced to use only the following security algorithms: TLS_RSA_WITH_3DES_EDE_CBC_SHA. This behavior forces the security channel provider to negotiate only the stronger Trasnport Layer Security (TLS) 1.0 protocol when you use applications such as Microsoft Windows Messenger, Microsoft MSN Messenger, and Internet Explorer to visit SSL sites.

If this is a Vista / Longhorn specific question. The list below is the cipher suites we support in FIPS mode: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 TLS_DHE_DSS_WITH_AES_128_CBC_SHA The other article applies only to Win2K3 and downlevel. Vista supports AES and ECC algorithms which are FIPS compliant.

thanks for the info. are there any plans to update the FIPS algorithms on 2003 Server or XP?

Jodanser, Unfortunately the underlying CAPI cryptosystem does not support AESand so Schannel could not.I am pretty sure there are no plans to backport AES and ECC - unfortunately:( We have moved away from CAPI to CNG (http://windowssdk.msdn.microsoft.com/en-us/library/ms720822(vs.80).aspx) The good news is Vista and Longhorn are just around the corner !!! Thanks, Jeremy

This program to encrypt text messages and documents more strongly than 9000-bit character One, as you can encrypt any language you want in the world the same message, but for Of the algorithm is a new algorithm YAz ,,,,,,,,, One of the main features and characteristics of the encryption algorithm YAz -Encryption strength more than 9000 bits. -Dealing with (Binary Code & ASCII Code) to encrypt the character. -Use 18 a matrix, each matrix contains 200 symbols of a complex compound. -The length of the number of symbols the encrypted message does not mean that -the number of characters along the original letter (probably more or less). -To deal with all the languages of the world encrypted in a single message -The ability to distinguish the original message and non-authentic. -The allocation of the key and one or more of the person / group. -Use HEX Code to encrypt the files. -Indivisible character of 2-8 parts and encode each part separately. -Repeat the process of encryption itself with symbols of other symbols (specific user). -Repeated use of the icon for more than one character, according to its location in the message. -Allow selection of the type of encryption or Binary Code ASCII Code. -Allow selection of the number of repeating the process of encryption. -Allow digital selection of the key length. -Allow selection of the length of digital fingerprint. -Allow selection of the length of the digital signature. To More Datials And Free Download: www.newatsys.com