 

How secure is ASP.NET Identity session cookie?

Of course cookies can be stolen and sessions hijacked, but how secure is the encryption itself of the session cookies (in ASP.NET Identity)? Could it be manipulated with modern hardware and a little bit of time?

I'm asking because I would like to add a claim that identifies a group, but this is only secure if the cookie is really secure. Otherwise an attacker could sign up for a legit account and then break into other groups without even stealing passwords.

Benjamin E. asked Feb 21 '14 12:02




1 Answer

Answer updated for .NET Framework 4 and greater:

The machineKey element which is used for:

encryption, decryption, and validation of forms-authentication data and view-state data

uses AES as the default decryption algorithm, with a minimum key length of 128 bits.

It also uses HMACSHA256 as the default for validation, which is HMAC over SHA-256. An HMAC prevents a length-extension attack, which is a way for an attacker to append data to the value that has the hash over it in such a way that the hash still validates.

There are no known practical attacks against AES-128 (unlike 192 and 256, which can suffer from a related-key attack), and SHA-256 is nowhere near being broken, although there is an academic attack against its sister SHA-1 that questions its collision resistance. Collision resistance doesn't really matter when authenticating token values; however, it is theoretically one step towards breaking preimage resistance. Therefore, you can rest assured you are secure against attacks with AES-128 and HMAC SHA-256.

However, as with any encryption or hash algorithm, it will all boil down to how secure your key is. AutoGenerate and IsolateApps settings will be fine; however, if you set your own, make sure that they are generated by a cryptographically secure pseudo-random number generator (CSPRNG) and are 128 bits in length. Anything less than that means you could be compromised by a brute-force attack (in theory). 128 bits means that even using every computer in the world in a distributed brute-force attack on your key would never complete in your lifetime. Of course, attackers may try and get round this by grabbing your key some other way. Keep it secure.

SilverlightFox answered Oct 02 '22 18:10
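As an added example (not code from the answer or from ASP.NET), here is the validation layer the answer describes, modelled in Python: an HMAC-SHA256 tag over the cookie payload, a key drawn from a CSPRNG and refused below 128 bits, and a constant-time check. The AES encryption layer is left out, and the `payload.tag` layout and the `group` claim from the question are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_KEY_BYTES = 16  # 128 bits, the minimum the answer recommends


def generate_validation_key(num_bytes: int = 32) -> bytes:
    """Draw a validation key from the OS CSPRNG; refuse anything under 128 bits."""
    if num_bytes < MIN_KEY_BYTES:
        raise ValueError("validation key must be at least 128 bits")
    return secrets.token_bytes(num_bytes)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(claims: dict, key: bytes) -> str:
    """Serialise the claims and append an HMAC-SHA256 tag: '<payload>.<tag>'."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("validation key must be at least 128 bits")
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_cookie(cookie: str, key: bytes):
    """Return the claims if the tag validates under this key, otherwise None."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:  # malformed cookie or bad base64 (binascii.Error subclasses it)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def edited_claim_rejected(cookie: str, key: bytes, new_group: str) -> bool:
    """The question's scenario: a legitimately issued cookie has its group claim
    edited while the original tag is kept. True if the server rejects it."""
    payload_b64, tag_b64 = cookie.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["group"] = new_group  # constructed edit; the tag is not recomputed
    edited = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return verify_cookie(f"{_b64(edited)}.{tag_b64}", key) is None
```

Without the server key the edited payload cannot be given a matching tag, so the group claim in the cookie is only as trustworthy as the key's secrecy and length, which is the answer's closing point.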