HighTechTalks DotNet Forums  

ASP.NET 2.0 Membership (aspnet_Membership.passwordAnswer column)

Dotnet Security microsoft.public.dotnet.security
jaygeek - 03-01-2007, 11:53 AM

In ASP.NET 2.0 Membership (aspnet_Membership table) can anyone tell me
whether the web.config machineKey tag (with validationKey & decryptionKey)
actually controls how the aspnet_Membership.passwordAnswer column is
encrypted?

NOTE: In our situation, ALL users have the same static value for
passwordQuestion & passwordAnswer because we only reset/generate passwords
programmatically. The passwordAnswer column gets encrypted and it USED TO be
the same value for everyone:
/BDizKy0FRtHQJxjTO3SnI/H/4g=
.... but now, it generates completely different values for every user:
sUmS0wDxiGK52o8r37dZDxbeCjI=
OdLx8wXO/cgRfvqKHlXV+I12HAg=

THE ISSUE:
The other day, we started getting an error when the user clicks the Change
Password button which calls:
using System.Web.Security;

public void ChangePassword()
{
    // Generate a new random password (helper class, not part of the framework)
    Password = RandomPassword.Generate(8);
    MembershipUser mu = Membership.GetUser(this.UserName);

    // Reset to a provider-generated password; requires the stored answer to match
    string genPassword =
        mu.ResetPassword("[REMOVEDasswordAnswer]"); //cannot run

    // Re-set the static question/answer, then switch to the generated password
    mu.ChangePasswordQuestionAndAnswer(genPassword,
        "[REMOVEDasswordQuestion]", "[REMOVEDasswordAnswer]");
    mu.ChangePassword(genPassword, Password);
}

ERROR:
"The password-answer supplied is wrong."
(Obviously, an encryption issue, since all passwordAnswers are exactly the
same.)

We do not yet have a machineKey tag in web.config, so it should default to
AutoGenerate, which may create different values on different machines, right?
So, since I now want to control it (same encryption) across our Development
and Production machines, I want to add the keys I've generated.

With the machineKey tag, it still generates different keys for users... Is
it perhaps using values from the userid or username to create the encrypted
passwordAnswer?
Please help me better understand the process & how to control it.

PROVIDER:
<add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"
     connectionStringName="SqlConn" applicationName="[REMOVED]"
     passwordStrengthRegularExpression="[REMOVED]"
     minRequiredPasswordLength="8"
     minRequiredNonalphanumericCharacters="1"
     enablePasswordRetrieval="false"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="true"
     requiresUniqueEmail="false"
     passwordFormat="Hashed"
     maxInvalidPasswordAttempts="5"
     passwordAttemptWindow="10"/>
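
An added example, not the poster's code and not Microsoft's: a Python reimplementation of how SqlMembershipProvider derives the stored value when passwordFormat="Hashed", so a passwordAnswer row can be checked offline against the user's PasswordSalt column. The answer is trimmed, lower-cased and hashed together with the same per-user salt as the password (SHA1 by default), which is why the column now differs per user; machineKey only enters the picture with passwordFormat="Encrypted". The salt below is constructed for the demo; Python's lower() is assumed equivalent to ToLower(InvariantCulture) for ASCII answers.

```python
import base64
import hashlib
import os

# Constructed sample salt, NOT a value from the post. The provider stores a
# random 16-byte salt, base64-encoded, in aspnet_Membership.PasswordSalt.
SAMPLE_SALT = base64.b64encode(bytes(range(16))).decode("ascii")


def generate_salt() -> str:
    """Mimic the provider's per-user salt: 16 random bytes, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def encode_hashed(secret: str, salt_b64: str, algorithm: str = "sha1") -> str:
    """'Hashed' encoding: hash(salt_bytes + UTF-16LE(secret)), base64 output.

    No machineKey material is involved; only the salt and the secret.
    The algorithm follows <membership hashAlgorithmType>, SHA1 by default.
    """
    salt = base64.b64decode(salt_b64)
    data = salt + secret.encode("utf-16-le")
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


def encode_password_answer(answer: str, salt_b64: str) -> str:
    """The answer is trimmed and lower-cased before hashing and shares the
    user's PasswordSalt with the password, so two users with the same
    static answer still get different stored values."""
    return encode_hashed(answer.strip().lower(), salt_b64)


def answer_matches(stored_answer: str, salt_b64: str, candidate: str) -> bool:
    """Offline check of a stored passwordAnswer value against its salt,
    useful when diagnosing 'The password-answer supplied is wrong.'"""
    return encode_password_answer(candidate, salt_b64) == stored_answer
```

Feed a real PasswordSalt and passwordAnswer pair from the table into answer_matches to see whether the stored value was produced from the static answer at all.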

