public static bool Verify(string hashedPassword, string password)
{
if (hashedPassword == null) throw new ArgumentNullException("hashedPassword");
if (password == null) throw new ArgumentNullException("password");
var parts = Convert.FromBase64String(hashedPassword);
if (parts.Length != 54 || parts[0] != 0)
return false;
var salt = new byte[SaltSize];
Buffer.BlockCopy(parts, 1, salt, 0, SaltSize);
var bytes = new byte[Pbkdf2SubkeyLength];
Buffer.BlockCopy(parts, 17, bytes, 0, Pbkdf2SubkeyLength);
var iters = new byte[sizeof(int)];
Buffer.BlockCopy(parts, 50, iters, 0, sizeof(int));
if (!BitConverter.IsLittleEndian)
Array.Reverse(iters);
var iterations = BitConverter.ToInt32(iters, 0);
byte[] challengeBytes;
using (var algo = new Rfc2898DeriveBytes(password, salt, iterations))
challengeBytes = algo.GetBytes(32);
return ByteArraysEqual(bytes, challengeBytes);
}