I'm developing an ASP.NET application and for various reasons that are too lengthy to discuss here, using FormsAuthentication to handle login will not work. Therefore, I needed an alternate way to encrypt login data before storing it into a cookie (if the
user decides to save their username and password for future visits to my site) and stumbled across RijndaelManaged.
However, I need some information on how to securely generate a Key, an Initialization Vector, and a Salt.
All of the examples on the web show code that either uses the default randomly-generated values in the RijndaelManaged object, which is an unrealistic solution since the RijndaelManaged object will be lost as soon as the method ends and I need to be able
to decrypt the cookies days or even weeks later, or they hard code these values into the source code, which is insecure.
View Complete Post