Migrating users from RSAClearTrust to an ASP .NET 2.0 Membership database

Last post 04-30-2008 2:53 PM by sschack. 18 replies.

  • Re: Migrating users from RSAClearTrust to an ASP .NET 2.0 Membership database

    04-24-2008, 5:51 PM
    • sschack
    • AspNetTeam
      Moderator

    If it's possible - decrypt the password, and then re-encrypt with the SqlMembershipProvider.

    However if hashing was used originally I think you're out of luck.  The second you change a salt value, even only 1 bit of the salt value, the resulting output is completely changed.

    -Stefan
    ----------------------------------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Migrating users from RSAClearTrust to an ASP .NET 2.0 Membership database

    04-24-2008, 6:02 PM
    • sschack
    • AspNetTeam
      Moderator

    One other idea - you might be able to reuse the original hash if moving from a 5 byte to a 16 byte hash preserves the original hash value.

    i.e. Going from 12345 to 0000000000012345 should work since they are the same value.  This is just padding the original value out to a 16 byte boundary.

    However going from 12345 to 1234500000000000 won't work because the hash value has changed.

    -Stefan
    ----------------------------------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Migrating users from RSAClearTrust to an ASP .NET 2.0 Membership database

    04-29-2008, 4:06 PM

    I tried prepending zeros to the original salt to get the required 16 byte length, but I was still unable to authenticate.  The process I'm using to migrate the hash is this:

    1. Convert the original hash from a base-64 string to a byte array
    2. Split the byte array into the password hash (first 20 bytes) and the salt hash (last 5 bytes)
    3. Prepend the salt hash with 0s so it has the proper length (16 bytes)
    4. Convert both hashes back to base-64 strings and store them in aspnet_Membership.Password and aspnet_Membership.PasswordSalt, respectively

    Original 25-byte SHA1 hash w/ 5-byte salt packed onto the end: MqgahZtjM50JBzvWQ6IdFQbDHUjVIwWNIA==
    20-byte password hash: MqgahZtjM50JBzvWQ6IdFQbDHUg=
    16-byte salt hash (padded with 0s): AAAAAAAAAAAAAADVIwWNIA==

    Anybody care to check my work?  Am I missing anything else?  Thanks.

  • Re: Migrating users from RSAClearTrust to an ASP .NET 2.0 Membership database

    04-30-2008, 2:53 PM
    • sschack
    • AspNetTeam
      Moderator

    You would have to step through in a debugger and look at the actual byte[] values that result when converting from the base64 string.  And then compare that to an attempted SHA1 encoding using the same cleartext password that was used to generate the hashed passwords in the first place.  Just looking at the base 64 strings above won't help since base64 encoding adds in its own pad characters - so it's not clear from above if either the password or hash have been clipped.

    For reference, this is the code the Sql membership provider relies on for hashing passwords.  This code is also available for download as part of the overall ASP.NET provider toolkit up on MSDN.

            internal string EncodePassword(string pass, int passwordFormat, string salt)
            {
                if (passwordFormat == 0) // MembershipPasswordFormat.Clear
                    return pass;
    
                byte[] bIn = Encoding.Unicode.GetBytes(pass);
                byte[] bSalt = Convert.FromBase64String(salt);
                byte[] bAll = new byte[bSalt.Length + bIn.Length];
                byte[] bRet = null;
    
                Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
                Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
                if (passwordFormat == 1)
                { // MembershipPasswordFormat.Hashed
                    HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType );
                    bRet = s.ComputeHash(bAll);
                } else
                {
                    bRet = EncryptPassword( bAll );
                }
    
                return Convert.ToBase64String(bRet);
            }
     
    -Stefan
    ----------------------------------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
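
The byte-level check suggested in the last post, as an added example that is not part of the thread or of the provider source: it repeats the decode/split/pad steps on the base64 value quoted earlier and applies the hashed-format layout of `EncodePassword` (salt bytes followed by the UTF-16LE password bytes) with both the 5-byte and the zero-padded 16-byte salt. `SaltMigrationCheck`, `ProviderHash` and the sample password are assumptions made for the illustration.

```csharp
// Added example (not the provider's code). The base64 string is the one quoted
// in the thread; the cleartext password below is a constructed sample value.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SaltMigrationCheck
{
    // Same byte layout as the Hashed branch of EncodePassword quoted above:
    // SHA1( salt bytes || UTF-16LE password bytes ).
    static byte[] ProviderHash(string password, byte[] salt)
    {
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        byte[] all = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, all, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, all, salt.Length, pwd.Length);
        using (SHA1 sha1 = SHA1.Create())
            return sha1.ComputeHash(all);
    }

    static string Hex(byte[] b) => BitConverter.ToString(b);

    static void Main()
    {
        // Steps 1-3 from the thread: decode, split 20 + 5, left-pad the salt to 16 bytes.
        byte[] packed = Convert.FromBase64String("MqgahZtjM50JBzvWQ6IdFQbDHUjVIwWNIA==");
        byte[] legacyHash = packed.Take(20).ToArray();
        byte[] salt5 = packed.Skip(20).ToArray();
        byte[] salt16 = new byte[16];
        Buffer.BlockCopy(salt5, 0, salt16, 16 - salt5.Length, salt5.Length);

        Console.WriteLine($"packed={packed.Length} bytes, hash={legacyHash.Length}, salt={salt5.Length}");
        Console.WriteLine("legacy hash : " + Hex(legacyHash));
        Console.WriteLine("salt (5)    : " + Hex(salt5));
        Console.WriteLine("salt (16)   : " + Hex(salt16));

        // The provider hashes every salt byte, padding included, so the two
        // salts below are different hash inputs for the same password.
        const string sample = "Sample-Passw0rd"; // constructed, not from the thread
        byte[] with5 = ProviderHash(sample, salt5);
        byte[] with16 = ProviderHash(sample, salt16);
        Console.WriteLine("SHA1(salt5  || pwd): " + Hex(with5));
        Console.WriteLine("SHA1(salt16 || pwd): " + Hex(with16));
        Console.WriteLine("digests equal: " + with5.SequenceEqual(with16));

        // With the real cleartext for this account, compare against legacyHash:
        // a match would require the legacy system to use this exact byte layout.
        Console.WriteLine("matches legacy hash: " + with16.SequenceEqual(legacyHash));
    }
}
```

Run it with a known cleartext for one migrated test account in place of the sample password; the last line only prints `True` if the stored digest was produced from exactly the bytes the provider feeds to SHA1.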