
pbkdf2 output size too high

Open Terebi42 opened this issue 8 years ago • 1 comments

A major issue is that you are pulling 64 bytes from deriveBytes, which is very expensive for almost no additional gain. You should be pulling a maximum of 20 bytes. This is causing your routine to run ~4x slower (each 20 bytes doubles costs, and you eat an entire x to generate those last 4 bytes), for no additional security gain (as attackers can generate only the first 20 bytes, and once they get a match there, calculate the remaining bytes).

See https://stackoverflow.com/questions/14394803/how-can-pbkdf2-using-hmac-sha-1-return-more-than-20-bytes

or https://www.owasp.org/index.php/Using_Rfc2898DeriveBytes_for_PBKDF2

"Using PBKDF2 for password storage, one should never output more bits than the base hash function's size. With PBKDF2-SHA1 this is 160 bits or 20 bytes. Outputting more bits doesn't make the hash more secure, but it costs the defender a lot more time while not costing the attacker. An attacker will just compare the first hash function sized output, saving them the time to generate the rest of the PBKDF2 output."

Terebi42, Jun 01 '16 20:06

FWIW I modified the call to only output 20 bytes. As expected it increased performance ~4x.

Also as expected, the 20 byte version matched the first 20 bytes of the 64 byte version, proving that there is no additional security benefit from the additional bytes. (An attacker could iterate until they matched the first 20 bytes, then once they found the winner, calculate the remaining bytes.)

Terebi42, Jun 13 '16 15:06
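
The cost asymmetry discussed in this issue, as an added Python example (not code from SimpleCrypto.net or from the commenter): PBKDF2-HMAC-SHA1 written out per RFC 2898 with an HMAC call counter, so the per-block cost and the unchanged first 20 bytes can be checked directly. The password, salt and iteration count are constructed sample values, and `attacker_check` is a hypothetical helper name.

```python
import hashlib
import hmac
import math
import struct

HLEN = hashlib.sha1().digest_size  # 20 bytes for SHA-1


def pbkdf2_sha1(password, salt, iterations, dklen):
    """RFC 2898 PBKDF2-HMAC-SHA1. Returns (derived_key, hmac_calls)."""
    blocks = math.ceil(dklen / HLEN)
    out, calls = b"", 0
    for i in range(1, blocks + 1):
        # Each output block T_i restarts the full iteration chain; only the
        # 4-byte block index i differs, so T_1 never depends on dklen.
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return out[:dklen], calls


def attacker_check(guess, salt, iterations, stored):
    """Test a guess using only the first block, whatever len(stored) is."""
    first, calls = pbkdf2_sha1(guess, salt, iterations, HLEN)
    return hmac.compare_digest(first, stored[:HLEN]), calls


# Constructed sample values (assumptions, not taken from the project).
PASSWORD, SALT, ITERATIONS = b"correct horse", b"constructed-salt", 1000

if __name__ == "__main__":
    dk64, cost64 = pbkdf2_sha1(PASSWORD, SALT, ITERATIONS, 64)
    dk20, cost20 = pbkdf2_sha1(PASSWORD, SALT, ITERATIONS, 20)
    # Cross-check the hand-written version against the standard library.
    assert dk64 == hashlib.pbkdf2_hmac("sha1", PASSWORD, SALT, ITERATIONS, 64)
    print("defender HMAC calls, 64-byte output:", cost64)
    print("defender HMAC calls, 20-byte output:", cost20)
    print("first 20 bytes identical:", dk64[:20] == dk20)
    print("guess check against 64-byte hash:",
          attacker_check(PASSWORD, SALT, ITERATIONS, dk64))
```

The defender pays for four output blocks when storing and verifying a 64-byte hash, while rejecting a guess only ever requires the first block, so the work factor an attacker faces is set by the iteration count alone.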