I emailed Dmitry Skiba and actually got a response
Hi,
Actually I don't know nothing about cryptography, I just ported that code from C to Java many years ago. So I can't really answer your question.
Regards,
Dmitry
Hilarious.
I think this ends the discussion and the fix should be included in the main client... BloodyRookie (and doctorevil) obviously understands it much better