In ASP.NET 4, the default hash algorithm has been changed to HMACSHA256 . I know that the decryption key is used for forms authentication and for the new ASP.NET identifier cookie authentication. Is the validation key used for anything other than validation in the view on web forms?
The reason I ask is that we use static machine keys in a number of applications, and they still use SHA1 for verification.
source
share