Retrieve ASP.Net AutoGenerated MachineKey

I have a .Net 1.1 app that must be upgraded to 2.0. The application encrypts passwords in the database using MD5CryptoServiceProvider. After I upgraded to 2.0, the MD5 value was different. In the machine.confi开发者_开发技巧g, the machinekey was set to autogenerate.

Is there a way to retrieve this key?

Yes, you can with a bit of reflection, see here for details and code :)

Though, I'm not sure that MD5CryptoServiceProvider actually uses the machine key, I thought it was independent, someone correctly me in comments?

The System.Security.Cryptography.MD5CryptoServiceProvider doesn't rely on the ASP.NET system.web/machineKey settings. These are used to control tamper proofing and encryption of ViewState, forms authentication tickets, and role cookies (How To: Configure MachineKey in ASP.NET 2.0).

I just compiled a simple console application under .NET 1.1 and 2.0 that performs a MD5 hash and they both produce the same value. I ran these applications on two different machines (one with autogenerated machine keys, and one with hard coded keys), again, identical results.

This sounds like the Encoding used is possibly different, i.e. the 1.1 application is using ASCIIEncoding and the 2.0 application is using Unicode.

Another thing to check is if the method you're using a uses salt that you've forgotten about, that would certainly cause different hashes to be generated.