PBKDF2.Compare assumes equal string lengths #6

@rfluit

Description

The compare function of PBKDF2 uses Math.Min to check which string is the shortest to prevent index out of bounds exceptions. However, if the two strings are not of an equal length but the longer string starts with the shorter string, the function returns true:

```csharp
var pbkdf2 = new PBKDF2();
var ret = pbkdf2.Compare("foo", "foobar");
// ret is now true
```

To fix this, the result variable should not be initialized by 0, but by the result of a string length comparison:

```csharp
int result = passwordHash1.Length ^ passwordHash2.Length;
```
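The prefix-match bug and the proposed fix side by side, as an added example that is not the project's own code. `VulnerableCompare` is a hypothetical model of the behaviour the issue describes (a `Math.Min` bound with `result` initialised to 0), not a copy of the real `PBKDF2.Compare`; `FixedCompare` is the same loop seeded with the length XOR from the suggested fix. The class and method names are assumptions made for this example.

```csharp
using System;

// Added example; models the reported bug and the suggested fix.
// CompareDemo, VulnerableCompare and FixedCompare are hypothetical names.
public static class CompareDemo
{
    // Models the bug: only the first min(a.Length, b.Length) characters are
    // compared, so a longer string that starts with the shorter one matches.
    public static bool VulnerableCompare(string a, string b)
    {
        int result = 0;
        int length = Math.Min(a.Length, b.Length);
        for (int i = 0; i < length; i++)
            result |= a[i] ^ b[i];
        return result == 0;
    }

    // Proposed fix: seed result with the length XOR so that strings of
    // different length can never compare equal, while keeping the loop
    // free of an early exit (no data-dependent branch on a mismatch).
    public static bool FixedCompare(string a, string b)
    {
        int result = a.Length ^ b.Length;
        int length = Math.Min(a.Length, b.Length);
        for (int i = 0; i < length; i++)
            result |= a[i] ^ b[i];
        return result == 0;
    }

    public static void Main()
    {
        // Constructed test inputs covering the prefix case from the issue,
        // the reversed operand order, an empty string, equal strings and
        // a same-length pair that differs only in the last character.
        string[][] cases =
        {
            new[] { "foo", "foobar" },
            new[] { "foobar", "foo" },
            new[] { "", "x" },
            new[] { "foobar", "foobar" },
            new[] { "foobaz", "foobar" }
        };

        foreach (var c in cases)
        {
            bool vulnerable = VulnerableCompare(c[0], c[1]);
            bool fixedResult = FixedCompare(c[0], c[1]);
            Console.WriteLine($"\"{c[0]}\" vs \"{c[1]}\": vulnerable={vulnerable}, fixed={fixedResult}");
        }
        // The first three pairs are reported equal by VulnerableCompare and
        // unequal by FixedCompare; the last two agree (true, then false).
    }
}
```

Two caveats for anyone applying the fix: the loop still runs only `Math.Min(...)` iterations, so the comparison time reveals the shorter length, which is acceptable when the inputs are fixed-size hash encodings but not for arbitrary secrets; and on .NET Core 2.1 or later the framework's `CryptographicOperations.FixedTimeEquals` already performs a length-checked, constant-time comparison over byte spans and is preferable to a hand-rolled loop.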
