Fixed issue where MD5 was always set for password hashing.

Refactored to remove class level hash algorithm variable that allowed for hash algorithm instance to be updated.

source/DasBlog.Web.Repositories/SiteSecurityManager.cs

@@ -5,28 +5,30 @@
 using System;
 using System.Linq;
 using System.Security.Cryptography;
-using System.Security.Principal;
 using System.Text;
 
 namespace DasBlog.Managers
 {
 	public class SiteSecurityManager : ISiteSecurityManager
 	{
-		private HashAlgorithm hashAlgorithm;
 		private readonly IDasBlogSettings dasBlogSettings;
 
 		public SiteSecurityManager( IDasBlogSettings dasBlogSettings)
 		{
 			this.dasBlogSettings = dasBlogSettings;
-			hashAlgorithm = SHA512Managed.Create();
 		}
 
 		public string HashPassword(string password)
 		{
-			hashAlgorithm = MD5CryptoServiceProvider.Create();
-			byte[] clearBytes = Encoding.Unicode.GetBytes(password);
+			var hashAlgorithm = SHA512Managed.Create();
+			return HashPassword(password, hashAlgorithm);
+		}
+
+		private string HashPassword(string password, HashAlgorithm hashAlgorithm)
+		{
+			var clearBytes = Encoding.Unicode.GetBytes(password);
 
-			byte[] hashedBytes = hashAlgorithm.ComputeHash(clearBytes);
+			var hashedBytes = hashAlgorithm.ComputeHash(clearBytes);
 
 			return BitConverter.ToString(hashedBytes);
 		}
@@ -40,12 +42,13 @@ public bool VerifyHashedPassword(string hashedPassword, string providedPassword)
 		{
 			string hashprovidedpassword = string.Empty;
 
+			HashAlgorithm hashAlgorithm = SHA512Managed.Create();
 			if (this.IsMd5Hash(hashedPassword))
 			{
 				hashAlgorithm = MD5CryptoServiceProvider.Create();
 			}
 
-			hashprovidedpassword = this.HashPassword(providedPassword);
+			hashprovidedpassword = HashPassword(providedPassword, hashAlgorithm);
 
 			if (hashedPassword.Equals(hashprovidedpassword, StringComparison.InvariantCultureIgnoreCase))
 			{