Rt branch, 4.2/bcrypt-passwords, created. rt-4.1.19-109-g501c2fb

Sorry for missing this initially, but I think it’s important enough to
bring it up.

  •    # Generate a random 16-octet base64 salt
  •    $salt = "";
  •    $salt .= pack("C", int rand(256)) for 1..16;

rand() is not cryptographically secure[0], and you should not be
relying on it for salt generation. If RT doesn’t already have some
method of securing generating randomness, there are plenty of
third-party CPAN modules that you can use.


[0] rand - Perldoc Browser