IsolatedRaygunOfflineStorage.cs uses MD-5 which causes FIPS compliance errors when FIPS compliance is set on a computer

[DanFTRX]

https://github.com/MindscapeHQ/raygun4net/blob/master/Mindscape.Raygun4Net/Storage/IsolatedRaygunOfflineStorage.cs uses MD-5 for its hashes, while not strictly incorrect, the FIPS compliance flag on windows disallows all usage of MD-5, even for those that do not require cryptographic security. Could this be switched to use either a FIPS compliant cryptographic has such as SHA-1/SHA-256 to avoid this incompatability.

[mduncan26]

Hi @DanFTRX

Thank you for raising this issue with us. You raise a good point about switching to a FIPS compliant algorithm. I will raise this as an item to address on our roadmap with the wider team. I do not have an estimate on when this issue will be picked up, however we are always open to reviewing and releasing PR requests from the community. We will update this thread when this issue has been picked up and resolved.

Thank you,
Mitchell.

[DanFTRX]

@mduncan26 I would have no issue writing up a PR for this, I would just need to know if preserving older data a must (Changing the hash would result in a different folder name for offline storage, thereby losing the contents of the old one)

Personally I would think think that preserving older data is a non-issue as in most cases there is no older data.

[mduncan26]

Hi @DanFTRX

We do not believe there is a need to preserve the old data as well. It would be great if there is a piece of logic that does tidy this up. However when we release these changes we will mention the need for customers to be aware the folder is changing location.

In terms of the algorithm used. There is no need for it to be cryptographic as long as it is FIPS compliant and sufficiently obscures the customers API key. As long as the algorithm chosen is compatible for the widest audience then there shouldn't be an issue from our side.

Thank you,
Mitchell.