“For SHA1,set the validationKey to 64 bytes (128 hexadecimal characters).
For AES,set the decryptionKey to 32 bytes (64 hexadecimal characters).
For 3DES,set the decryptionKey to 24 bytes (48 hexadecimal characters).”
“validationKey specifies a manually
assigned validation key. This value
must be manually set to ensure
consistent configuration across a
network of Web servers (a Web farm).
The key must be a minimum of 40
characters (20 bytes) and a maximum of
128 characters (64 bytes) long. If
keys shorter than the maximum length
are used,they should be created by a
truly random means,such as by using
RNGCryptoServiceProvider. The
recommended key length is 128
hexadecimal characters. If you add the
IsolateApps modifier to the
validationKey value,ASP.NET generates
a unique encrypted key for each
application using each application’s
application ID.”
“decryptionKey specifies a manually assigned key. This value must be manually set to a string of hexadecimal characters to ensure consistent configuration across a Web farm. The key should be 16 characters in length when using DES encryption and 48 characters in length when using Triple DES encryption. If keys shorter than the maximum length are used,they should be created by a truly random means,such as by using RNGCryptoServiceProvider. ASP.NET can use Triple DES only on computers on which 128-bit encryption is available. If you add the IsolateApps modifier to the decryptionKey value,ASP.NET generates a unique encrypted key for each application using each application’s application ID.”
