In ASP.Net, the normal way of encrypting an object ( as an exmaple a user cookie in the server side ) is read the shared key located in the machine.config file. The machine config file contains following config entries.
<configuration><system.web><machineKey decryptionKey="section for decryption key"
validationKey="section for validation key" /></system.web></configuration>Is this fully safe to use and safe to store key values like this? If not what are the other alternatives we have ?