Hey everyone

I’m using the library to check passwords hashed with the now obsolete SHA1 algorithm.

I came up with the OemStringToUtf16UCharArray (in cCryptoApiNextGen_CharTranslate), which I’m using to build a UChar[] with the user password before hashing it. It is my understanding this function converts the OEM string to a Little-Endian UTF-16 string, which is used by Windows.

For example, character A would be 4100 (hex) in UTF16 LE and would get two items in the array:

[0] = 65 ‘A’ (41 hex)
[1] = 0

But I get two additional positions:

[2] = 0
[3] = 0

Which I guess have something to do with C string-terminations getting converted. I have to remove this two additional array elements, otherwise the hash produced will be different from the one stored in the DB.

These are old passwords hashed with the default ASP.Net membership provider (salt+password is hashed with the SHA1 algorithm) so I guess they were too generated by removing the trailing null character.

Any thoughts?

Also, do you know when the library will leave the beta status?