I am having some trouble understanding the documentation on machinekey. What algorithm is being used to encrypt/decrypt the forms authentication ticket when the decryption attribute is not set. I have:
<machineKey validationKey="128CharacterKey" decryptionKey="48CharacterKey" validation="3DES"/>
I found some documentation saying that if the decryption attribute was not specifically set it would use the value in the validation attribute. I also found something saying it would use SHA-1. Yet another articles said it would be based on the size of the value in the decryptionKey.
Which algorithm is it using?
On a side note, which algorithm are most people using nowadays AES, 3DES, SHA1, etc?