salt generation is **not** secured
Closed this issue · 0 comments
docteurklein commented
http://stackoverflow.com/a/2595372/244058
we shouldn't rely on rand(). better deprecate the notion of salt generation altogether and let bcrypt handle it better than us.