If you are using a hash to hide the value of a password then it
is a good idea to throw in a salt so that two people with the same
password will have different values stored. It also increases the
amount of work necessary to perform a dictionary attack on the
The only change I made was to substitute
SHA1CryptoServiceProvider with SHA1Managed to avoid leaving managed
code (SHA1CryptoServiceProvider is implemented using CAPI).