Loftware doesn't support FIPS mode

Problem

The United States Federal Information Processing Standard (FIPS) 140 is a U.S. government computer security standard for cryptographic algorithms that protect sensitive data. FIPS defines specific encryption methods that can be used for data protection. FIPS also defines methods for generating encryption keys. An algorithm is considered FIPS 140-compliant only if it passes the National Institute of Standards and Technology (NIST) validation.

Enabling FIPS mode in Windows settings forces Windows to use only FIPS-validated encryption methods. After enabling FIPS mode, Windows can no longer use other (and newer) encryption methods.

Loftware uses encryption algorithms that have not been submitted to NIST for validation. Microsoft .NET Framework blocks access to algorithms that aren’t FIPS-validated. Loftware is built on .NET Framework. When Loftware tries to use a non-validated algorithm with FIPS mode enabled, the Framework raises an exception and does not allow the algorithm to be used.

Solution

Loftware uses the following encryption methods:

• AESManaged. Loftware uses this method for applications to encrypt data and communications.

• WinZipAes256. Loftware uses this method to open and savelabel (.NLBL) and solution (.NSLN) files.

• DPAPI. Loftware uses this method for encryption of sensitive data in web.config files for Web-based Loftware software.

To run Loftware on government Windows computers, list Loftware as excluded software. Disable FIPS mode when you work with NiceLabel.

Additional reading:

• Microsoft Security Guidance blog: Why We’re Not Recommending “FIPS Mode” Anymore.

• For a comprehensive explanation of FIPS effects, see Microsoft KB 811833.