Does anyone have experience changing the hashing algorithm used by the membership provider for a DNN instance?


By default the membership provider in DNN uses SHA1 as the hashing algorithm. SHA1 is considered to be less secure so I'd like to change it to something which is more secure (if possible). Up until now I've not been able to find any DNN specific guidance in doing this, so I decided to ask around in the software development community to maybe get some pointers.

The membership provider and its parameters are configured in the Web.config file. It looks like the following:

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    [code omitted]
  </providers>
</membership>

Comments / suggestions are welcome. Especially if they are DNN specific.

There is 1 answer

Michael Tobisch

As far as I understand this from here there is a validation attribute for the machineKey in the configuration where you may define the algorithm.

To define a custom hash algorithm, you can use the hashAlgorithmType attribute of the membership Element configuration element.
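The two settings named in this thread can be checked before and after a change. This is an added example, not part of the question or the answer: it reads a Web.config and reports the `hashAlgorithmType` on `<membership>` and the `validation` attribute on `<machineKey>`. The function name, the sample provider entry and both sample configs are constructed for illustration, and the fallback to SHA1 when nothing is set is an assumption taken from the question.

```python
import xml.etree.ElementTree as ET

WEAK = {"MD5", "SHA1"}
ASSUMED_DEFAULT = "SHA1"  # assumption, taken from the question's statement

def audit_membership(config_xml):
    """Return (effective hash algorithm, list of findings) for Web.config text."""
    web = ET.fromstring(config_xml).find("system.web")
    membership = web.find("membership") if web is not None else None
    if membership is None:
        return None, ["no <membership> element found"]
    findings = []
    algo = membership.get("hashAlgorithmType")
    if not algo:
        algo = ASSUMED_DEFAULT
        findings.append("hashAlgorithmType not set, assuming " + algo)
    if algo.upper() in WEAK:
        findings.append("membership hashes passwords with " + algo)
    key = web.find("machineKey")
    if key is not None and key.get("validation", "").upper() in WEAK:
        findings.append("machineKey validation uses " + key.get("validation"))
    for prov in membership.findall("providers/add"):
        fmt = prov.get("passwordFormat", "Hashed")
        if fmt != "Hashed":  # Clear/Encrypted: no hashing takes place
            findings.append("%s stores passwords as %s" % (prov.get("name"), fmt))
    return algo, findings

# Constructed sample configs (key values are placeholders, provider entry is illustrative)
TEMPLATE = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER" decryptionKey="PLACEHOLDER" validation="%s" />
  <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"%s>
    <providers>
      <clear />
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider" passwordFormat="Hashed" />
    </providers>
  </membership>
</system.web></configuration>"""
BEFORE = TEMPLATE % ("SHA1", "")
AFTER = TEMPLATE % ("HMACSHA256", ' hashAlgorithmType="SHA256"')

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_membership(cfg))
```

SqlMembershipProvider does not record the algorithm alongside each stored hash, so passwords hashed under the old setting stop validating after the change until they are reset.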