Hi Dave,
Please note the SHA1 and MD5 are used to tamper proof ViewState and, if
configured, the forms authentication ticket. Only the AES and 3DES are
supported to encrypt ViewState:
#How To: Configure MachineKey in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998288.aspx
<quote>
SHA1¨CSHA1 is used to tamper proof ViewState and, if configured, the forms
authentication ticket. When SHA1 is selected for the validation attribute,
the algorithm used is HMACSHA1.
MD5¨CMD5 is used to tamper proof ViewState and, if configured, the forms
authentication ticket.
AES¨CAES is used to encrypt ViewState with the key specified in the
decryptionKey attribute.
3DES¨C3DES is used to encrypt ViewState with the key specified in the
decryptionKey attribute. This is the only way to encrypt ViewState in
ASP.NET 1.1. Both the forms authentication ticket and the ViewState are
tamper-proofed using SHA-1 and the key specified in the validationKey
attribute. Because the validation attribute is overloaded in ASP.NET 1.1,
ASP.NET 2.0 introduces a new decryption attribute.
</quote>
Also, it's recommended to use AES instead of 3DES:
#You may receive an error message when you access ASP.NET Web pages that
have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0
http://support.microsoft.com/kb/911722
<quote>
Theoretically, the 3DES algorithm is less secure than the AES (Rijndael)
algorithm. We recommend that you use the AES algorithm whenever possible to
help secure your system.
</quote>
Hope this helps.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.