webfarm + machinekey + crypto/hashing

Discussion in 'ASP .Net Security' started by joelkeepup, Jul 23, 2008.

  1. joelkeepup

    joelkeepup Guest

    Hi, we have had an application live in production for 6 months, it
    uses crypto/hashing in the following ways:

    1- membership provider default password hash

    2- membership provider security answer

    3- viewstate mac (unknowingly)

    4 - byte[] encryptedBytes = ProtectedData.Protect(encodedBytes,
    EncryptionEntropy, DataProtectionScope.LocalMachine);

    We want to move systems and put them in a webfarm.

    We do NOT have machinekey defined in the web.config. Can someone tell
    me are we hosed in all these cases? If we add a machine or move
    machines, will we be able to hash passwords using same salt, hash
    answers using same salt, and the data we have encrypted using #4 be
    able to decrypt? What machinekey was used for these by default if we
    didnt specify? Is hashing ok, but not encryption?

    It seems like we can login on the new system, so somehow the hashing
    must be portable....

    thanks
    Joel
    joelkeepup, Jul 23, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Zoe Hart
    Replies:
    2
    Views:
    592
    Zoe Hart
    Mar 5, 2004
  2. TK

    machineKey values: how?

    TK, Apr 16, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    874
    Jim Cheshire [MSFT]
    Apr 19, 2004
  3. =?Utf-8?B?U1RlY2g=?=

    MachineKey

    =?Utf-8?B?U1RlY2g=?=, Oct 6, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    654
    Steven Cheng[MSFT]
    Oct 27, 2004
  4. Ron

    Odd MachineKey Error?

    Ron, Oct 13, 2004, in forum: ASP .Net
    Replies:
    8
    Views:
    2,228
    claudineduplessis
    Nov 15, 2006
  5. Mark Olbert
    Replies:
    1
    Views:
    438
    Luke Zhang [MSFT]
    Jan 25, 2006
Loading...

Share This Page