ViewState Encryption in ASP.Net

Why is it that I see the same hash value generated when I use different algorithms for viewstate encryption. I have added below lines to the web.config file

pages viewstateEncryptionMode="Always" enableViewStateMac="true".../>

machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="AES" decryption="Auto" />

Also, 开发者_运维问答compilation debug="false" ... > is set.

No matter what I use (AES, MD5, SHA1, 3DES), it generates the same hash. Is there something I am missing out.

Please let me know.

-Thanks

Here is an article on Encrypting Viewstate. It's for ASP.Net 2.0. which should be fine for 3.5.

Via P&P on MSDN:

Forms authentication defaults to SHA1 for tamper proofing (if or , then forms authentication hashes the forms authentication ticket by using either MD5 or HMACSHA1 (HMACSHA1 is used even if validation is set to AES or 3DES). Forms authentication then encrypts the ticket using the algorithm specified in the decryption attribute. (The decryption attribute was introduced in ASP.NET 2.0.)

Therefore, theoretically, only SHA1 and MD5 should differ in the hash that is produced.