Exact implementation of PasswordDeriveBytes
07-30-2007, 05:40 AM
Hello,
We are currently running a project in which we wish to reengineer parts of
the System.Security.Cryptography namespace on a Unix machine.
We discovered that the implementation of PasswordDeriveBytes shows some
unexpected results in case the input is a 32-byte-length MD5 hash which is
iterated twice. It seems that the existing documentation on this function is
incorrect. It would be nice if we knew which exact algorithm is used to
calculate the 32-byte version, since in theory an MD5 hash can never result
in a 32-byte length.
This is our C# code:
    // Arguments: password, salt, hash name, iteration count
    PasswordDeriveBytes pdb =
        new PasswordDeriveBytes("secretkey",
            Encoding.ASCII.GetBytes("*&JHj_JHG"), "MD5", 2);
    byte[] hash16bytes = pdb.GetBytes(16);
    byte[] hash32bytes = pdb.GetBytes(32);
and results are:
For 16 bytes:
59 192 53 176 173 34 125 34 236 243 119 17 31 99 147 180
For 32 bytes:
115 229 92 88 209 121 109 87 144 35 48 70 22 39 222 198
159 230 239 240 3 64 182 168 91 39 214 244 54 200 89 222
So how is the 32 bytes result calculated?
Thanks,
rvangeldrop
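An added example, not part of the original post and not Microsoft's code: a Python sketch of the block stream that the two GetBytes calls above read from, following (as an assumption) the behaviour of the published .NET Framework reference source, where the block counter carries over between calls on the same object. The names DeriveBytesSketch and post_scenario and the UTF-8 password encoding are assumptions of this sketch, and a call that follows a partial block is not modelled; compare its output with the byte values quoted in the post before relying on it.

```python
import hashlib


class DeriveBytesSketch:
    """Added sketch of the stream the post's PasswordDeriveBytes calls read."""

    def __init__(self, password, salt, hash_name, iterations):
        self._hash_name = hash_name
        # Assumption: the password string is encoded as UTF-8.
        data = password.encode("utf-8") + salt
        # Base value: H(password || salt), re-hashed until iterations - 1
        # rounds have run. The last round happens once per output block.
        base = self._h(data)
        for _ in range(1, iterations - 1):
            base = self._h(base)
        self._base = base
        self._prefix = 0        # block counter, carried across calls
        self._partial = False   # True once a call stopped mid-block

    def _h(self, data):
        return hashlib.new(self._hash_name, data).digest()

    def _next_block(self):
        if self._prefix > 999:
            raise ValueError("too many bytes requested")
        # Block 0 is H(base); block n is H(str(n) || base), n in ASCII decimal.
        tag = str(self._prefix).encode("ascii") if self._prefix else b""
        self._prefix += 1
        return self._h(tag + self._base)

    def get_bytes(self, count):
        if self._partial:
            # Leftover handling after a partial block is not modelled here.
            raise NotImplementedError("previous call ended mid-block")
        out = b""
        while len(out) < count:
            out += self._next_block()
        self._partial = len(out) != count
        return out[:count]


def post_scenario():
    """The post's two calls on one object: 16 bytes, then 32 bytes."""
    pdb = DeriveBytesSketch("secretkey", b"*&JHj_JHG", "md5", 2)
    return pdb.get_bytes(16), pdb.get_bytes(32)
```

In this model the 16-byte call consumes block 0, so the following 32-byte call returns blocks 1 and 2; a fresh object asked for 32 bytes would instead start with the 16-byte value.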