Listing 1
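' Recreate the salted hash of the supplied password and compare it with the
' hash stored for the user.
'
' NOTE(review): one pass of salted SHA-1 is fast to compute, so it offers little
' resistance to offline guessing if the stored hashes are disclosed. A slow,
' iterated derivation such as Rfc2898DeriveBytes (PBKDF2) is the usual
' replacement. Changing it alters every stored hash and needs a migration, so
' the algorithm is left as the listing has it.

' Encoding is found in System.Text.Encoding.
' The hash covers the UTF-16 bytes of the password followed by the salt, so the
' code that created the stored hash must use the same encoding and order.
Dim PWDArray() As Byte = Encoding.Unicode.GetBytes(strPassword)
' Convert is from System.Convert. The salt and hash are stored as Base64 text.
Dim SaltArray() As Byte = Convert.FromBase64String(strSalt)
Dim HashArray() As Byte = Convert.FromBase64String(strHash)
Dim HashRecalculated() As Byte

' SHA1 is from System.Security.Cryptography.SHA1.
' Using releases the algorithm object even if a write below throws.
Using HashResult As HashAlgorithm = SHA1.Create()
    ' CryptoStream is from System.Security.Cryptography.CryptoStream.
    ' Stream.Null discards the bytes written; only the hash state in
    ' HashResult is of interest.
    Using csRecreateHash As New CryptoStream(Stream.Null, HashResult, CryptoStreamMode.Write)
        ' Hash the password we got back with the salt we stored.
        csRecreateHash.Write(PWDArray, 0, PWDArray.Length)
        csRecreateHash.Write(SaltArray, 0, SaltArray.Length)
        ' Finalises the hash so that HashResult.Hash becomes available.
        csRecreateHash.FlushFinalBlock()
    End Using
    ' Read the digest after the stream is closed, as the original listing did.
    HashRecalculated = HashResult.Hash
End Using

' Compare the recalculated hash with the one stored in the database.
' NOTE(review): this decision is only as sound as CompareArrays; confirm that it
' returns False when the two arrays differ in length.
bValidUser = CompareArrays(HashRecalculated, HashArray)

' The following test determines the course of action you take from here.
If bValidUser Then
    ' Here you do what you will with your authenticated user.
Else
    ' Reject the sign-in; the supplied credentials did not match.
End If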
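' Compares two byte arrays for equality. The listing uses it to check a
' recalculated password hash against the stored one.
'
' FirstArray, SecondArray: the arrays to compare.
' Returns True only when both arrays are present, have the same length and
' hold the same bytes; returns False in every other case.
Function CompareArrays(ByVal FirstArray As Byte(), ByVal SecondArray As Byte()) As Boolean
    ' Fail closed: a missing array can never match.
    If FirstArray Is Nothing OrElse SecondArray Is Nothing Then
        Return False
    End If

    ' Arrays of different length are never equal. The earlier version skipped
    ' the loop in this case and then reported "equal", so a stored hash of the
    ' wrong length (an empty one, for instance) accepted any password.
    If FirstArray.Length <> SecondArray.Length Then
        Return False
    End If

    ' Fold every byte difference into one value instead of leaving at the
    ' first mismatch, so the time taken does not depend on where the arrays
    ' first differ.
    Dim diff As Integer = 0
    For i As Integer = 0 To FirstArray.Length - 1
        diff = diff Or (FirstArray(i) Xor SecondArray(i))
    Next

    Return diff = 0
End Function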