Random is insecure (obviously) #8
Description
So long as you are in IO, consider using the entropy package to get random bytes for the salt. As for the generator - several APIs for crypto-secure random generators exist, along with the generators to match