Sorry for missing this initially, but I think it’s important enough to
bring it up.
# Generate a random 16-octet base64 salt
$salt = "";
$salt .= pack("C", int rand(256)) for 1..16;
rand() is not cryptographically secure[0], and you should not be
relying on it for salt generation. If RT doesn’t already have some
method of securing generating randomness, there are plenty of
third-party CPAN modules that you can use.
~reed