I like using the best encryption quality that is readily available, it gives me a warm glow. As stated in the previous post, you can force Windows to require the use of only FIPs compliant encryption libraries. I have been using this registry switch on my local box to ensure that the application I am developing ticks the correct boxes so imagine my surprise when deploying to Windows Azure and receiving the following error:

Error    104    The "CSPack" task failed unexpectedly.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at Microsoft.ServiceHosting.Tools.Packaging.PackageManifest..ctor(IPackageSecurity rsa, EncryptionType encryptionType)
at Microsoft.ServiceHosting.Tools.Packaging.PackageCreator..ctor(String serviceModelFile, String serviceDescription, IPackageSecurity encrypt, Dictionary`2 namedPackageCollection, String versionInfo)
at Microsoft.ServiceHosting.Tools.Packaging.ServiceApplicationPackage.CreateServiceApplicationPackage(String serviceModelFileName, String serviceDescriptionFile, Stream output, IPackageSecurity encrypt, Dictionary`2 namedStreamCollection, String userInfo, EventHandler`1 rolePackagePartAddedHandler)
at Microsoft.ServiceHosting.Tools.MSBuildTasks.CSPack.TryCreatePackage(ServiceDefinitionModel sm)
at Microsoft.ServiceHosting.Tools.MSBuildTasks.CSPack.Execute()
at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
at Microsoft.Build.BackEnd.TaskBuilder.<ExecuteInstantiatedTask>d__20.MoveNext() C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Windows Azure Tools\1.8\Microsoft.WindowsAzure.targets 2873 5 CloudApp

Well not really complete surprise, since the FIPs switch prohibits the use of the "...Managed" libraries in .Net, whereas we should be using the "...CryptoServiceProvider" libraries instead. Of course, I have no control over the Azure deployment but I don't really understand why MS would use the non-FIPs library when there is a FIPs compliant one available. Perhaps the FIPs variants do something nasty with unmanaged libraries... Anyway, solution was to disabled the FIPs checking in the registry and try again!