Hi,

I'm looking at the source code for the .NET membership provider, and in sqlmembershipprovider.cs there are calls to EncryptPassword and DecryptPassword, but I don't see the method anywhere in the source.

What algorithm are they using? Isn't the source for that released also?

+1  A: 

SqlMembershipProvider derives from MembershipProvider from which it inherits EncryptPassword() and DecryptPassword().

Looking through the code with Reflector, it looks like the algorithm is DES if the key is 8 bytes long and AES (Rijndael) otherwise.

Rasmus Faber
A: 

SqlMembershipProvider uses System.Web.Security.MembershipProvider as its base class. The EncryptPassword and DecryptPassword methods are being called on the base class.

Fire up .NET Reflector and point it at System.Web.Security.MembershipProvider and you'll see how they do it.

Kev
A: 

Although the encryption code is "public", the default encryption of the membership provider is based on the unique machine key.

Bruno Shine
A: 

Pretty sure the base Decrypt/EncryptPassword use the standard .NET implementation of AES, perhaps with a key defined somewhere, probably machine-specific.

See the AesManaged class.
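
Added example (not part of any answer above and not Microsoft's code): a small Python check that reads a web.config and reports membership providers whose stored passwords are recoverable, applying the key-length rule from the Reflector answer when `decryption` is `Auto`. The sample configuration, key value and provider name are constructed; the function names are hypothetical, and the check assumes a web.config without an XML namespace on `<configuration>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; the key is a placeholder, not a real one.
SAMPLE_CONFIG = """<configuration><system.web>
  <machineKey decryption="Auto" decryptionKey="0123456789ABCDEF" />
  <membership><providers>
    <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"
         passwordFormat="Encrypted" />
  </providers></membership>
</system.web></configuration>"""


def effective_cipher(machine_key):
    """Cipher behind EncryptPassword, per the key-length rule quoted above."""
    if machine_key is None:
        return "auto-generated key"
    declared = machine_key.get("decryption", "Auto")
    key_hex = machine_key.get("decryptionKey", "AutoGenerate")
    if key_hex.startswith("AutoGenerate"):
        return "auto-generated key"
    if declared != "Auto":
        return declared  # explicitly configured, e.g. DES, 3DES or AES
    # Auto: DES if the key is 8 bytes (16 hex digits), AES otherwise.
    return "DES" if len(key_hex) // 2 == 8 else "AES"


def audit(config_xml):
    """Return (provider name, finding) tuples for a web.config string."""
    root = ET.fromstring(config_xml)
    machine_key = root.find("system.web/machineKey")
    findings = []
    for prov in root.findall("system.web/membership/providers/add"):
        name = prov.get("name", "?")
        fmt = prov.get("passwordFormat", "Hashed")  # Hashed is the default
        if fmt == "Clear":
            findings.append((name, "passwords stored in clear text"))
        elif fmt == "Encrypted":
            cipher = effective_cipher(machine_key)
            findings.append(
                (name, "passwords reversible with machine key (%s)" % cipher))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(name, "->", finding)
```

A provider left at `passwordFormat="Hashed"` produces no finding, since hashed passwords never pass through EncryptPassword.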