Answer updated for .NET Framework 4 and higher:
The machineKey element, which is used for encryption, decryption and verification of forms authentication data and view-state data, uses AES as the default decryption algorithm with a minimum key length of 128 bits.
It also uses HMACSHA256 as the default value for validation, which is HMAC over SHA-256. The HMAC prevents a length extension attack, which allows an attacker to add data to a value that has a hash over it, so that the hash still checks out.
There are no known practical attacks against AES-128 (unlike 192 and 256, which may suffer from a related attack), and there is an academic attack against its sister SHA-1 which calls the collision resistance into question. Collision resistance does not really matter when authenticating token values. However, theoretically, this is one step towards breaking the resistance, so you can be sure that you are safe from attacks with AES-128 and HMAC SHA-256.
However, as with any encryption or hashing algorithm, it all comes down to how secure your key is. The AutoGenerate and IsolateApps settings will be fine, but if you set your own, make sure that they are created by a cryptographically secure pseudo-random number generator (CSPRNG) and are 128 bits long. Anything less than this means that you can be compromised by a brute-force attack (theoretically). 128 bits means that even using every computer in the world in a distributed brute-force attack on your key will never complete in your lifetime. Of course, attackers can try to get around this by grabbing your key in some other way. Keep it safe.
Silverlightfox
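An added example, not part of the original answer: a small Python audit that checks a web.config `<machineKey>` element against the points made above (HMAC validation, AES decryption, hex keys of at least 128 bits that look like CSPRNG output) and builds replacement keys from the OS CSPRNG. The function names, the repeated-byte heuristic and the sample configuration are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

MIN_KEY_BITS = 128                       # minimum the answer recommends
OK_VALIDATION = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}
OK_DECRYPTION = {"AUTO", "AES"}          # assumption: "Auto" resolves to AES

def new_key_hex(bits=MIN_KEY_BITS):      # hex key drawn from the OS CSPRNG
    return secrets.token_hex(bits // 8).upper()

def _check_key(name, value, findings):
    if value.split(",")[0].strip().lower() == "autogenerate":
        return                           # framework generates the key itself
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        findings.append(f"{name}: not a hex string")
        return
    if len(raw) * 8 < MIN_KEY_BITS:
        findings.append(f"{name}: {len(raw) * 8} bits, below {MIN_KEY_BITS}")
    if len(set(raw)) <= 2:               # crude check for hand-typed filler
        findings.append(f"{name}: repeated bytes, not CSPRNG output")

def audit_machine_key(config_xml):
    """Return findings for the <machineKey> element of a web.config string."""
    mk = ET.fromstring(config_xml).find(".//machineKey")
    if mk is None:
        return []                        # no element: framework defaults apply
    findings = []
    if mk.get("validation", "HMACSHA256").upper() not in OK_VALIDATION:
        findings.append(f"validation={mk.get('validation')}: use HMACSHA256")
    if mk.get("decryption", "Auto").upper() not in OK_DECRYPTION:
        findings.append(f"decryption={mk.get('decryption')}: use AES")
    for attr in ("validationKey", "decryptionKey"):
        _check_key(attr, mk.get(attr, "AutoGenerate,IsolateApps"), findings)
    return findings

# Constructed sample input, not taken from any real site.
WEAK_CONFIG = """<configuration><system.web>
  <machineKey validation="SHA1" decryption="3DES" validationKey="ABCD1234"
              decryptionKey="00000000000000000000000000000000" />
</system.web></configuration>"""

def hardened_config():
    return ('<configuration><system.web><machineKey validation="HMACSHA256" '
            f'decryption="AES" validationKey="{new_key_hex()}" '
            f'decryptionKey="{new_key_hex()}" /></system.web></configuration>')

if __name__ == "__main__":
    for finding in audit_machine_key(WEAK_CONFIG):
        print("WEAK:", finding)
```

The repeated-byte test only catches obvious filler values; it cannot prove a key came from a CSPRNG, so explicit keys should always be generated rather than typed.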