Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > webfarm + machinekey + crypto/hashing

Thread Tools

webfarm + machinekey + crypto/hashing

Posts: n/a
Hi, we have had an application live in production for 6 months, it
uses crypto/hashing in the following ways:

1- membership provider default password hash

2- membership provider security answer

3- viewstate mac (unknowingly)

4 - byte[] encryptedBytes = ProtectedData.Protect(encodedBytes,
EncryptionEntropy, DataProtectionScope.LocalMachine);

We want to move systems and put them in a webfarm.

We do NOT have machinekey defined in the web.config. Can someone tell
me are we hosed in all these cases? If we add a machine or move
machines, will we be able to hash passwords using same salt, hash
answers using same salt, and the data we have encrypted using #4 be
able to decrypt? What machinekey was used for these by default if we
didnt specify? Is hashing ok, but not encryption?

It seems like we can login on the new system, so somehow the hashing
must be portable....

Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Odd MachineKey Error? Ron ASP .Net 8 11-15-2006 12:16 PM
Custom MembershipProvider Index out of bounds/machineKey Mark Olbert ASP .Net 1 01-25-2006 06:46 AM
MachineKey =?Utf-8?B?U1RlY2g=?= ASP .Net 4 10-27-2004 01:11 AM
machineKey values: how? TK ASP .Net 3 04-19-2004 03:18 PM
Changing machineKey in live production site Zoe Hart ASP .Net 2 03-05-2004 06:33 PM