Account decryption.

[Pandoriaantje]

according to the wiki: To decrypt the file:

• Copy the first 16 bytes of the file to a buffer. This is the HMAC-SHA1 hash of the file which is made using one of the keys above.
• Use HMAC-SHA1 on that buffer with a key from above to create the RC4 key, which is 0x10 bytes.
• Decrypt 8 bytes after the hash of the file (at offset 0x10) using RC4. This is the confounder.
• Decrypt 380 bytes after the confounder using RC4. This is the decrypted account data.
• Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above and compare it to the first 16 bytes of the file, if it doesn't match then the decryption failed.

How does the math work out here? isn't a HMAC-SHA1 20 bytes instead of 16 bytes?