![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 71%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
28,661 questions
Hi Osvbnet,
This isn't an official statement from Microsoft, but as far as I'm aware, WIndows 7 and above supports FIPS 140-2 via the registry key change you mention.
Here are the official instructions:
http://support.microsoft.com/kb/811833
summarised as follows:
1) Using an account that has administrative credentials, log on to the computer.
2) Click Start, click Run, type gpedit.msc, and then press ENTER.
3) In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
4) Under the Security Settings node, double-click Local Policies, and then click Security Options.
5) In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
6) In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
7) Close the Local Group Policy Editor.
If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.
I hope this answers your question.
--If the reply is helpful, please Upvote and Accept as answer--