Bug (or specific issue?) with key generation when password enabled #3
Description
Even when password is enabled, for key generation only first 32 bytes of seed-password-iv buffer are used:
EVP_DigestInit(&ctx, EVP_sha1());
EVP_DigestUpdate(&ctx, buffer, OBFUSCATE_SEED_LENGTH + iv_len);
EVP_DigestFinal(&ctx, md_output, &md_len);
So, for instance, when password is longer then 16 bytes, the same key will be used for client and for server.