Last post Apr 17, 2017 03:57 PM by mgebhard
Apr 17, 2017 12:08 PM|santhoshnatarajan86|LINK
My asp.Net application runs in a webfarm setup with the following configuration
<machineKey validationKey="<128 character hexadecimal key>" decryptionKey="<64 character hexadecimal key>" validation="SHA1" decryption="AES"/>
I would like to change to SHA256 for security reasons. I was also able to create the HMACSHA256 keys thru a utility project.
The question is: What is ValidationKey and DecryptionKey? Should it be different or same? If it is different, what difference?
Thanks in advance!!!
Apr 17, 2017 03:19 PM|mgebhard|LINK
This information is documented on MSDN.
Apr 17, 2017 03:41 PM|santhoshnatarajan86|LINK
Thanks for your response. I understand the machineKey tag itself and its attributes.
My question is lets say I have decided to use the 64bit (256bit - SHA256) key. Then should I have 2 keys one for validationkey and one for encryptionKey?
Apr 17, 2017 03:57 PM|mgebhard|LINK
Confused... the document is extremely clear and explains each attribute. I have no idea what kind of app you have or what features you are using. You probably need both keys. You can make them the same if you like.