SHA1 Password Hashes in .NET 2.0
Starting to do some migration work and ran into a change in the framework that hasn't been well documented; luckily, there is a good ASP.NET Forums post on the subject. A lot of sites that store user authentication info in the database will store a hashed password, often a SHA1 hash that is then converted to an ASCII string. Then, when the user attempts to log in, you just hash the password they provide and compare it to the database.
The 2.0 Framework changes the way ASCII codes above 127 (which technically are invalid) are handled. The 1.1 Framework throws away the most significant bit; the 2.0 Framework returns, appropriately enough, the ASCII character code for question mark. To get the same behavior under 2.0, you have to do a bit of bitmasking; see the article for some sample code.
If you're like me and haven't done any bitwise operations lately, the VB.NET equivalent to the code in the post is something like the following, given a Byte array called PasswordHash:
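    ' Copy of the hash with the most significant bit of every byte cleared,
    ' which is what the 1.1 Framework did implicitly during ASCII conversion.
    Dim PasswordHashConverted(PasswordHash.Length - 1) As Byte
    Dim x As Integer
    For x = 0 To PasswordHash.Length - 1
        ' And 127 keeps the low 7 bits, so every value is a valid ASCII code
        PasswordHashConverted(x) = Convert.ToByte(Convert.ToInt16(PasswordHash(x) And 127))
    Next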
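The masking loop above, placed in a complete login check, as an added example that is not code from the forum post or the original site. The module and function names, the sample password, and the use of UTF-8 to turn the password into bytes are assumptions; use whichever encoding the site used when the hashes were first stored.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module LegacyHashDemo

    ' SHA1 over the password bytes (UTF-8 is an assumption, see lead-in).
    Function Sha1Bytes(ByVal password As String) As Byte()
        Using sha As SHA1 = SHA1.Create()
            Return sha.ComputeHash(Encoding.UTF8.GetBytes(password))
        End Using
    End Function

    ' Rebuilds the string a 1.1 site would have stored: clear the high bit
    ' of each hash byte, then decode the result as ASCII.
    Function LegacyHashString(ByVal password As String) As String
        Dim hash() As Byte = Sha1Bytes(password)
        Dim masked(hash.Length - 1) As Byte
        For i As Integer = 0 To hash.Length - 1
            masked(i) = CByte(hash(i) And &H7F)
        Next
        Return Encoding.ASCII.GetString(masked)
    End Function

    ' Login check against a hash string written under the 1.1 Framework.
    Function VerifyPassword(ByVal candidate As String, ByVal storedHash As String) As Boolean
        Return String.Equals(LegacyHashString(candidate), storedHash, StringComparison.Ordinal)
    End Function

    Sub Main()
        Dim password As String = "correct horse"            ' constructed sample value
        Dim stored As String = LegacyHashString(password)   ' stands in for the database value

        ' An unmodified 2.0 port: bytes above 127 decode to "?" instead of being masked.
        Dim unmasked As String = Encoding.ASCII.GetString(Sha1Bytes(password))

        Console.WriteLine("unmasked 2.0 string equals stored value: {0}", _
                          String.Equals(unmasked, stored, StringComparison.Ordinal))
        Console.WriteLine("masked string equals stored value:       {0}", _
                          VerifyPassword(password, stored))
    End Sub

End Module
```

Masking keeps 7 bits of each of the 20 hash bytes, so the stored string carries at most 140 of SHA1's 160 bits.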