What cipher does MachineKey.Protect() use?

Question

I've just come across the MachineKey.Protect() method. I've not seen this before (a contractor introduced it into the code base). It seems interesting but the documentation on what it's doing is a little sparse.

I'm not really one for blindly following Microsoft's lead without a little investigation so I tried to find docs on how this works, what ciper does it use, how big is the key, how's the key generated, etc. But the doc's contain surprisingly little information and I couldn't find any other information on how this is implemented:

This method supersedes the Encode method, which requires the caller to specify whether the plaintext data should be encrypted, signed, or both. The Protect method performs the appropriate operation and securely protects the data. Ciphertext data produced by this method can only be deciphered by the Unprotect method.

The purposes parameter is an optional list of reasons that can lock the ciphertext to a specific purpose. This parameter lets you isolate cryptographic operations performed by different subsystems within an application. A malicious client should not be able to get the result of one subsystem's Protect method and feed it as input to another subsystem's Unprotect method, which could compromise application security. The purposes parameter helps ensure that protected data can only be used by the component that originally generated it. Applications should make sure that each subsystem uses a unique purposes list.

so can anyone shed some light on what cipher this uses to "protect" the data sent into it? Any best practice on usage would be useful too. When is this appropriate to use, when not, etc.?

Answer 1

The machineKey Element specifies which algorithms and keys to use for encryption.

Following on from the comment, the documentation for the MachineKey class includes the following snippet that leads to the machineKey Element

The MachineKey class provides methods that expose the hashing and encryption logic that ASP.NET provides. For information about which encryption and hashing algorithms ASP.NET uses, and the key values that it uses with them, see machineKey Element (ASP.NET Settings Schema).