Of course cookies can be stolen and sessions hijacked, but how secure is the encryption itself of the session cookies (in ASP.NET Identity)? Could it be manipulated with modern hardware and a little bit of time?
I’m asking because I would like to add a claim that identifies a group, but this is only secure if the cookie is really secure. Otherwise an attacker could sign up for a legit account and then break into other groups without even stealing passwords.
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Answer updated for .NET Framework 4 and greater:
machineKey element which is used for:
encryption, decryption, and validation of forms-authentication data
and view-state data
uses AES as the default decryption algorithm, with a minimum key length of 128 bits.
It also uses
HMACSHA256 as the default for validation which is HMAC over SHA-256. A HMAC prevents a length extension attack which is a way for an attacker to append data to the value that has the hash over it in such a way that the hash still validates.
There are no known practical attacks against AES-128 (unlike 192 and 256 that can suffer from a related key attack), and SHA-256 is nowhere near being broken, although there is an academic attack against its sister SHA-1 that questions its collision resistance. Collision resistance doesn’t really matter when authenticating token values, however it is theoretically one step towards breaking preimage resistance. Therefore, you can rest assured you are secure against attacks with AES-128 and HMAC SHA-256.
However, as with any encryption or hash algorithm, it will all boil down to how secure your key is. AutoGenerate and IsolateApps settings will be fine, however if you set your own make sure that they are generated by a cryptographically secure pseudo random number generator (CSPRNG) and are 128bits in length. Anything less than that means you could be compromised by a brute force attack (in theory). 128 bits means that even using every computer in the world in a distributed brute-force attack on your key would never complete in your lifetime. Of course, attackers may try and get round this by grabbing your key some other way. Keep it secure.