Subject: Meeting the InCommon Assurance profile criteria using Active Directory
[AD-Assurance] RE: http://support.microsoft.com/kb/811833
- From: "Capehart,Jeffrey D" <>
- To: "" <>
- Subject: [AD-Assurance] RE: http://support.microsoft.com/kb/811833
- Date: Fri, 26 Apr 2013 17:43:49 +0000
This document does a good job of explaining the FIPS mode changes.
o By default, EFS on Windows XP RTM uses the DESX algorithm. If you enable this setting, EFS uses 168-bit 3DES encryption.
o By default, in Windows XP Service Pack 1 (SP1), in later Windows XP service packs, and in Windows Server 2003, EFS uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key length. However, EFS uses the kernel-mode AES implementation. This implementation is not FIPS-validated on these platforms. If you enable the FIPS setting on these platforms, the operating system uses the 3DES algorithm with a 168-bit key length.
o In Windows Vista and in Windows Server 2008, EFS uses the AES algorithm with 256-bit keys. If you enable this setting, AES-256 will be used.
o FIPS local policy does not affect password key encryption.
This setting also affects Terminal Services in Windows Server 2003 and in later versions of Windows. The effect depends on whether TLS is being used for server authentication.
o The RDP channel is encrypted by using the 3DES algorithm in Cipher Block Chaining (CBC) mode with a 168-bit key length.
o The SHA-1 algorithm is used to create message digests.
o Clients must use the RDP 5.2 client program or a later version to connect.
Here's that contact name ...