We have a new CMS7.5 (actually on 7.9) site. We also have an old CMS6R2 database which contains users we'd like to migrate across. As I understand it, the CMS6 users' passwords are hashed using SHA1, whereas from CMS7.5 passwords are hashed using HMACSHA512. This is controlled via web.config's membership hashAlgorithmType attribute. So in order to migrate the old users I need to change that attribute to SHA1, right? The trouble is that doing so doesn't seem to have any effect.

Initially I tested by changing the algorithm to SHA1 and seeing whether a login created using HMACSHA512 still worked. Surprisingly, it did, which can't be right.

I then set up two users with the same password, and hand-edited their PasswordSalts in dbo.Memberships so that they use the same salt. This allowed me to compare the hashed values. If I change the algorithm and reset the password (to the same password again) then, as it's been hashed with a different algorithm, I would expect to see a different hash. Except I don't. It isn't chnaging. This suggests that the algorithm hasn't actually changed.

Outputting Membership.HashAlgorithmType confirms the value of hashAlgorithmType. I have also tried setting it in machine.config. However it appears to be behaving as though nothing has been modified, apart from reporting the new value via Membership.HashAlgorithmType. What am I missing? I feel I'm missing something obvious.