using System;

using System.Security.Cryptography;

using System.Web;

public class Program

{

    public static void Main()

    {

        string password = "hello world";

        Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, 16, 1000);

        var salt = rfc2898DeriveBytes.Salt;

        var bytes = rfc2898DeriveBytes.GetBytes(32);

        //original

        byte[] outputBytes = new byte[1 + 16 + 32];

        Buffer.BlockCopy(salt, 0, outputBytes, 1, 16);

        Buffer.BlockCopy(bytes, 0, outputBytes, 1 + 16, 32);

        Convert.ToBase64String(outputBytes).Dump();

        //mysql

        byte[] inArray = new byte[48];

        Buffer.BlockCopy((Array) salt, 0, (Array) inArray, 0, 16);

        Buffer.BlockCopy((Array) bytes, 0, (Array) inArray, 16, 32);

        Convert.ToBase64String(inArray).Dump();

        //tweaked

        //mysql

        byte[] arrrr = new byte[49];

        Buffer.BlockCopy((Array) salt, 0, (Array) arrrr, 1, 16);

        Buffer.BlockCopy((Array) bytes, 0, (Array) arrrr, 17, 32);

        Convert.ToBase64String(arrrr).Dump();

        //cleaned

        var cleaned = new byte[49];

        for(int i=1;i<49;i++){

            cleaned[i] = inArray[i-1];  

        }

        cleaned[0] = 0;

        Convert.ToBase64String(cleaned).Dump();

    }

}

​