How to compute MD5 value as if you are using the System.Security.Cryptography.MD5 class

Question

In my application a CRC value is computed for a file by using the System.Security.Cryptography.MD5 (C#). It is used as a compact digital fingerprint.

The MD5 class is declared non-FIPS compliant and "everything" works fine if the following Windows Local Policy is disabled: "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing".

Now, I need to enable the above System Policy, but the MD5 class fails when called.. Is there a way to compute the CRC value exactly as if you are using the System.Security.Cryptography.MD5?

Thanks in advance, regards

Answer 1

As Damien_The_Unbeliever mention above, your requirements are incompatible. But a slightly more detailed answer would be "yes and no".

No: MD5 should not be used any more as there are known collisions. It is broken for pretty much all cryptographic purposes. If those fingerprints are used in any security relevant context then you're well advised to change to a secure hash function. SHA2 and SHA3 are secure and FIPS certified. Switching an entire application to a different hash function may cause you some pain now but the alternative is more pain later.

Yes: It is possible - you could reimplement MD5 yourself or use a library that does not check for the Windows policy. All you'd have to do is ensure a correct data format. However, I would strongly advise against this option. MD5 is broken.

Since you've stated that you have to enable the policy for FIPS compliant cryptography, I would assume that this is either a customer or sales requirement which leaves you with no choice but to switch to SHA2 or SHA3.