How are you hashing a password with a random 32 character string? I feel like you are mixing terms here or so you combine the password and the random element first or do you mean you decrypt the hash with a symmetric algo and get the 32 char string?
I tried to read it to figure out what the quantities that are dangerous are. Might be an idiot but I couldn't find anything in the text that supported the title