«

How do the built in membership controls compute the password hash and
salt for storing in the memberstore? I am trying to create a custom
change password control but want to use the built-in login control. I
modified the following code from Microsoft to get it into VB but the
hashed password it creates is way longer than that created when I use
the Create User wizard. What am I doing wrong?

Public Shared Function ComputeHash(ByVal plainText As String,
_
ByVal hashAlgorithm As
String, _
ByRef saltBytes() As Byte)
_
As String

Dim saltsize As Integer
Dim passwordBytes() As Byte
Dim hash As HashAlgorithm

' If salt is not specified, generate it on the fly.


' Define min and max salt sizes.
'Dim minSaltSize As Integer
'Dim maxSaltSize As Integer

'minSaltSize = 8
'maxSaltSize = 8

' Generate a random number for the size of the salt.
'Dim random As Random
'random = New Random()

'Dim saltSize As Integer
'saltSize = random.Next(minSaltSize, maxSaltSize)


saltsize = 32
' Allocate a byte array, which will hold the salt.
saltBytes = New Byte(saltsize - 1) {}

System.Security.Cryptography.RNGCryptoServiceProvi der.Create().GetBytes(saltBytes)

' Convert the plain string password into bytes

passwordBytes =
UnicodeEncoding.Unicode.GetBytes(plainText)
Dim combinedBytes(passwordBytes.Length + saltBytes.Length
- 1) As Byte

' Append salt to password before hashing
System.Buffer.BlockCopy(passwordBytes, 0, combinedBytes,
0, passwordBytes.Length)
System.Buffer.BlockCopy(saltBytes, 0, combinedBytes,
passwordBytes.Length, saltBytes.Length)


' Fill the salt with cryptographically strong byte values.
'rng.GetNonZeroBytes(saltBytes)

' Because we support multiple hashing algorithms, we must
define
' hash object as a common (abstract) base class. We will
specify the
' actual hashing algorithm class later during object
creation.

' Make sure hashing algorithm name is specified.
If (hashAlgorithm Is Nothing) Then
hashAlgorithm = ""
End If

' Initialize appropriate hashing algorithm class.
Select Case hashAlgorithm.ToUpper()

Case "MD5"
hash = New MD5CryptoServiceProvider()
Case "SHA256"
hash = New SHA256Managed()

Case "SHA384"
hash = New SHA384Managed()

Case "SHA512"
hash = New SHA512Managed()

Case Else 'SHA1 = Default
hash = New SHA1Managed()

End Select

' Compute hash value of our plain text with appended salt.
Dim hashBytes As Byte()

hashBytes = hash.ComputeHash(combinedBytes)
' Append the salt to the hash
Dim hashPlusSalt(hashBytes.Length + saltBytes.Length) As
Byte
System.Buffer.BlockCopy(hashBytes, 0, hashPlusSalt, 0,
hashBytes.Length)
System.Buffer.BlockCopy(saltBytes, 0, hashPlusSalt,
hashBytes.Length, saltBytes.Length)

' Return the result.
ComputeHash = Convert.ToBase64String(hashPlusSalt)
End Function