Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

security - How secure is ASP.NET Identity session cookie?

Of course cookies can be stolen and sessions hijacked, but how secure is the encryption itself of the session cookies (in ASP.NET Identity)? Could it be manipulated with modern hardware and a little bit of time?

I'm asking because I would like to add a claim that identifies a group, but this is only secure if the cookie is really secure. Otherwise an attacker could sign up for a legit account and then break into other groups without even stealing passwords.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Answer updated for .NET Framework 4 and greater:

The machineKey element which is used for:

encryption, decryption, and validation of forms-authentication data and view-state data

uses AES as the default decryption algorithm, with a minimum key length of 128 bits.

It also uses HMACSHA256 as the default for validation which is HMAC over SHA-256. A HMAC prevents a length extension attack which is a way for an attacker to append data to the value that has the hash over it in such a way that the hash still validates.

There are no known practical attacks against AES-128 (unlike 192 and 256 that can suffer from a related key attack), and SHA-256 is nowhere near being broken, although there is an academic attack against its sister SHA-1 that questions its collision resistance. Collision resistance doesn't really matter when authenticating token values, however it is theoretically one step towards breaking preimage resistance. Therefore, you can rest assured you are secure against attacks with AES-128 and HMAC SHA-256.

However, as with any encryption or hash algorithm, it will all boil down to how secure your key is. AutoGenerate and IsolateApps settings will be fine, however if you set your own make sure that they are generated by a cryptographically secure pseudo random number generator (CSPRNG) and are 128bits in length. Anything less than that means you could be compromised by a brute force attack (in theory). 128 bits means that even using every computer in the world in a distributed brute-force attack on your key would never complete in your lifetime. Of course, attackers may try and get round this by grabbing your key some other way. Keep it secure.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...