Default AES Salt in ASPNET2 Site

I've written a simple membership/role provider library which I use in my websites. It works fine, and uses custom AES and SHA1 keys
in Web.config to encrypt or hash password information.

I now have a second, Windows Forms app that needs to access that same credential file, and hash/encrypt user-supplied credentials to
authenticate them. I know how to set up an SHA1 hasher or an AES (ManagedRijndael) cryptor in the Windows app.

The ManagedRijndael approach uses both a key and a salt in its operation. If you don't provide one or the other, a random one is
generated each time you create an encryptor or a decryptor.

Where in the Web.config file is the AES/Rijndael salt defined? Right now my sites don't define a salt, which means they're using
some default salt value (which is clearly either defined or stored somewhere, since the membership provider can decrypt and encrypt
successfully in different sessions).

If it's not defined in the Web.config file, where is the default salt defined?

- Mark
Feb 23 '06 #1
Problem solved. The default salt is a byte array of null/0 values.

I actually tried that before posting the question, but it turns out there's another "dependency" in using the RijndaelManaged
cryptographic provider that I wasn't aware of: if you use the same decryptor to decrypt two items in a row you get a different
result than if you use newly-created decryptors each time.

- Mark
Feb 23 '06 #2
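
The fixed IV discussed in this thread, as an added C# example that is not part of the original posts: with the all-zero IV the poster reports, AES-CBC under one key turns equal passwords into equal ciphertexts, while a random IV stored with each record does not. It uses `Aes.Create()` (the same cipher as RijndaelManaged with a 128-bit block) and builds a new transform for every item; the key, sample password and class name are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FixedIvDemo
{
    // Constructed demo key (all zeros); a real key comes from protected configuration.
    static readonly byte[] Key = new byte[32];

    static Aes NewCipher(byte[] iv)
    {
        Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;   // default padding is PKCS7
        aes.Key = Key;
        aes.IV = iv;
        return aes;
    }
    // A new transform is created for every item, as the second post found necessary.
    static byte[] Encrypt(byte[] iv, string text)
    {
        byte[] plain = Encoding.UTF8.GetBytes(text);
        using (Aes aes = NewCipher(iv))
        using (ICryptoTransform enc = aes.CreateEncryptor())
            return enc.TransformFinalBlock(plain, 0, plain.Length);
    }
    static string Decrypt(byte[] iv, byte[] cipher)
    {
        using (Aes aes = NewCipher(iv))
        using (ICryptoTransform dec = aes.CreateDecryptor())
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(cipher, 0, cipher.Length));
    }
    // Per-record IV from the system CSPRNG; it is not secret and is stored next to the ciphertext.
    static byte[] RandomIv()
    {
        byte[] iv = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(iv);
        return iv;
    }
    static void Main()
    {
        byte[] zeroIv = new byte[16];   // the all-zero value reported in the thread
        string pw = "constructed-sample-password";
        string a = Convert.ToBase64String(Encrypt(zeroIv, pw));
        string b = Convert.ToBase64String(Encrypt(zeroIv, pw));
        Console.WriteLine("zero IV, equal ciphertexts: " + (a == b));
        byte[] iv1 = RandomIv(), iv2 = RandomIv();
        byte[] c1 = Encrypt(iv1, pw), c2 = Encrypt(iv2, pw);
        Console.WriteLine("random IV, equal ciphertexts: " + (Convert.ToBase64String(c1) == Convert.ToBase64String(c2)));
        Console.WriteLine("round trip ok: " + (Decrypt(iv1, c1) == pw && Decrypt(iv2, c2) == pw));
    }
}
```

Existing records written with the zero IV still need that IV to decrypt; a per-record IV only applies to data written after the change.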
