Re: How is .net generating extra bits in MD5?

From: Pete (jpeteb_at_hotmail.com)
Date: 01/26/05


Date: 25 Jan 2005 17:59:26 -0800

Hi Shawn,

OK, I hope I am not being incredibly stupid here, but this is the
disconnect I'm having in my head. I've looked at PBKDF1, which says
that the length of the derived key is bounded by the length of the hash
function output, which is 16 octets or 128 bits in MD5. That I can
generate fine, but the code fragment is requesting 32 octets or 256
bits.

From your blog, it says "PBKDF1 will only produce the number of bytes
that the hash algorithm generates, but GetBytes will extend the result
further, allowing you to get a large number of bytes out of your
password."

There's my question - how is GetBytes() actually producing 16 octets
more than PBKDF1 says it should? I don't understand how GetBytes() is
extending the result past what PBKDF1 says. It seems that it must be
doing another hash to create the data, but how is that derived?

I need to make this work exactly like the .net version as we are using
this code to pass information between different OSes, and if we can't
decode and encode on the foreign systems, that is a big problem.
Thanks for any more insight you can provide.

--pete
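
The length bound described in the post, as an added example that is not part of the original message and is not .NET's code: PBKDF1 as specified in RFC 2898, which rejects any request longer than the hash output (16 octets for MD5). The password, salt and iteration count are constructed sample values; the sketch does not reproduce whatever GetBytes() does to extend the output, since the page does not describe it.

```python
import hashlib


def pbkdf1(password: bytes, salt: bytes, iterations: int, dk_len: int,
           hash_name: str = "md5") -> bytes:
    """PBKDF1 per RFC 2898, section 5.1.

    T_1 = Hash(P || S), T_i = Hash(T_{i-1}), DK = first dk_len octets of T_c.
    The RFC uses an 8-octet salt; the length is not enforced here.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    h_len = hashlib.new(hash_name).digest_size
    if dk_len > h_len:
        # This is the bound from the post: MD5 can supply at most 16 octets.
        raise ValueError(
            f"derived key too long: {dk_len} requested, {hash_name} gives {h_len}")
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]


def can_derive(dk_len: int, hash_name: str = "md5") -> bool:
    """True if plain PBKDF1 can produce dk_len octets with this hash."""
    return dk_len <= hashlib.new(hash_name).digest_size


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the post.
    pw, salt, count = b"example password", b"\x01\x02\x03\x04\x05\x06\x07\x08", 100
    print("16 octets:", pbkdf1(pw, salt, count, 16).hex())
    try:
        pbkdf1(pw, salt, count, 32)  # the 32 octets the code fragment asks for
    except ValueError as exc:
        print("32 octets:", exc)
```
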