TripleDESCryptoServiceProvider FIPS 140-2 Compliance
FIPS 140-2 certification applies to both algorithms and modules. Algorithm implementations get certified by passing a series of test cases. Modules get certified when they meet all FIPS requirements. One such requirement is to provide cryptographic services only with FIPS-certified algorithms (and non-FIPS-certified algorithms used in a FIPS-approved manner like Diffie-Hellman key exchange).
Triple-DES is a FIPS-certified algorithm, and therefore can obtain a FIPS certificate. That's one piece of the puzzle.
The next piece is finding out what module is providing Triple-DES, and whether that module is FIPS certified. You already linked to the page where Microsoft lists all their FIPS-approved modules. That's got all you need to know. I think as of Windows Vista everything ultimately goes through bcrypt.dll
.
Of course, you can go straight to the source and search modules yourself. Take, for instance, certificate #1001 for Microsoft's bcrypt.dll
in Windows Vista. You can see that this module has obtained an algorithm certificate for its Triple-DES implementation (Cert. #656), so you can use Triple-DES from this module.
So how do you know you're using the FIPS-certified module? You enable FIPS mode in Windows. If you don't enable FIPS mode, you aren't using a FIPS-certified algorithm in a FIPS-approved mode of operation. On Windows, if you try to use a non-FIPS algorithm while in FIPS mode, you'll get an exception.
Bringing me to my last point that a good way to find out whether an algorithm is approved for use in FIPS mode is to turn on FIPS mode and try it!
By the way, this Triple-DES certificate page lists all approved Triple-DES modes of operation:
ECB = TDEA Electronic Codebook
TCBC = TDEA Cipher Block Chaining
TCBC-I = TDEA Cipher Block Chaining - Interleaved
TCFB = TDEA Cipher Feedback
TCFB-P = TDEA Cipher Feedback - Pipelined
TOFB = TDEA Output Feedback
TOFB-I = TDEA Output Feedback - Interleaved
And the following Keying Options.
KO 1 = Three-key Triple DES
KO 2 = Two-key Triple DES
This has a list of FIPS compliant algorithms.
FIPS compliant Algorithms:
Hash algorithms
HMACSHA1
MACTripleDES
SHA1CryptoServiceProvider
Symmetric algorithms (use the same key for encryption and decryption)
DESCryptoServiceProvider
TripleDESCryptoServiceProvider
Asymmetric algorithms (use a public key for encryption and a private key for decryption)
DSACryptoServiceProvider
RSACryptoServiceProvider
I've also asked a similar question about AES.