diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs
index b24c9de0..637d4257 100644
--- a/samples/Mvc.Server/Startup.cs
+++ b/samples/Mvc.Server/Startup.cs
@@ -1,8 +1,8 @@
 using System.Linq;
-using CryptoHelper;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.HttpOverrides;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
@@ -126,12 +126,14 @@ namespace Mvc.Server {
                     //     Secret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd"
                     // });
 
+                    var hasher = new PasswordHasher<Application>();
+
                     context.Applications.Add(new Application {
                         Id = "myClient",
                         DisplayName = "My client application",
                         RedirectUri = "http://localhost:53507/signin-oidc",
                         LogoutRedirectUri = "http://localhost:53507/",
-                        Secret = Crypto.HashPassword("secret_secret_secret"),
+                        Secret = hasher.HashPassword(null, "secret_secret_secret"),
                         Type = OpenIddictConstants.ApplicationTypes.Confidential
                     });
 
diff --git a/src/OpenIddict.Core/OpenIddictManager.cs b/src/OpenIddict.Core/OpenIddictManager.cs
index a5eff439..d33fffd2 100644
--- a/src/OpenIddict.Core/OpenIddictManager.cs
+++ b/src/OpenIddict.Core/OpenIddictManager.cs
@@ -6,7 +6,6 @@ using System.Threading;
 using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Extensions;
 using AspNet.Security.OpenIdConnect.Server;
-using CryptoHelper;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
@@ -204,7 +203,8 @@ namespace OpenIddict {
                 return false;
             }
 
-            if (!Crypto.VerifyHashedPassword(hash, secret)) {
+            var hasher = new PasswordHasher<TApplication>();
+            if (hasher.VerifyHashedPassword(application, hash, secret) == PasswordVerificationResult.Failed) {
                 Logger.LogWarning("Client authentication failed for {Client}.", await GetDisplayNameAsync(application));
 
                 return false;
diff --git a/src/OpenIddict.Core/project.json b/src/OpenIddict.Core/project.json
index 0d0ba42c..c32bc38f 100644
--- a/src/OpenIddict.Core/project.json
+++ b/src/OpenIddict.Core/project.json
@@ -5,7 +5,6 @@
 
     "dependencies": {
         "AspNet.Security.OpenIdConnect.Server": "1.0.0-*",
-        "CryptoHelper": "1.0.0-rc2-*",
         "JetBrains.Annotations": "10.1.2-eap",
         "Microsoft.AspNetCore.Cors": "1.0.0-*",
         "Microsoft.AspNetCore.Identity": "1.0.0-*",