De Novo Software

Can confirm this issue. Root cause appears to be an unexpected buffer reuse in TDECHashAuthentication.PBKDF2, specifically that Result is referring to same TBytes as T after initial round (maybe an...

_SetLength_ is a bit excessive as it makes a copy every time, so I think that using an explicit copy during initial round is going to be clearer and also...

Those are the checks for TestRawByteString that validate the fix: ``` result := StringOf(ValidFormat(TFormat_HEX).Encode(THash_SHA1.PBKDF2('password', 'salt', 1, 16))); CheckEquals('0C60C80F961F0E71F3A9B524AF601206', result, 'SHA1 password salt 1 16'); result := StringOf(ValidFormat(TFormat_HEX).Encode(THash_SHA1.PBKDF2('password', 'salt', 1, 20)));...

I was able to apply patch on top of development branch, no conflicts. New test is still failing.

If you just want to reproduce the issue without the patch and new test, then simplest way would be to modify existing TestEncodeStream to use chunking when calling EncodeStream: ```...

Hi, Just to clarify, there were two separate issues: one was fixed in PR #51 and this one is another GCM-related issue, that was discovered while I was working on...