public void CreateUser(string username, string password)
{
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
var pbkfd2 = new Rfc2898DeriveBytes(password, salt, 1000);
byte[] hash = pbkfd2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
database.AddUser(username, Convert.ToBase64String(hashBytes));
}