diff --git a/lib/getdef.c b/lib/getdef.c
index 25c0733..a9b6c42 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -95,6 +95,8 @@ static struct itemdef def_table[] = {
 	{"UMASK", NULL},
 	{"USERDEL_CMD", NULL},
 	{"USERGROUPS_ENAB", NULL},
+	{"CRYPT_PREFIX", NULL},
+	{"CRYPT_ROUNDS", NULL},
 #ifndef USE_PAM
 	{"CHFN_AUTH", NULL},
 	{"CHSH_AUTH", NULL},
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 6058f85..e6d03ff 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -1,6 +1,78 @@
 /*
  * salt.c - generate a random salt string for crypt()
  *
+ */
+
+#define _OW_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <crypt.h>
+#include "config.h"
+#include "defines.h"
+#include "getdef.h"
+#define RANDOM_DEVICE			"/dev/urandom"
+
+static int read_loop(int fd, char *buffer, int count)
+{
+	int offset, block;
+
+	offset = 0;
+	while (count > 0) {
+		block = read(fd, &buffer[offset], count);
+
+		if (block < 0) {
+			if (errno == EINTR) continue;
+ 			return block;
+		}
+		if (!block) return offset;
+
+		offset += block;
+		count -= block;
+	}
+
+	return offset;
+}
+
+char *
+crypt_make_salt(void)
+{
+	int fd;
+	char entropy[16];
+	char *retval;
+
+	fd = open(RANDOM_DEVICE, O_RDONLY);
+	if (fd < 0) {
+		perror("open: " RANDOM_DEVICE);
+		exit(1);
+	}
+
+	if (read_loop(fd, entropy, sizeof(entropy)) != sizeof(entropy)) {
+		close(fd);
+		fprintf(stderr, "Unable to obtain entropy from %s\n",
+			RANDOM_DEVICE);
+		exit(1);
+	}
+
+	close(fd);
+
+	retval = crypt_gensalt(getdef_str("CRYPT_PREFIX") ?: "",
+		getdef_num("CRYPT_ROUNDS", 0), entropy, sizeof(entropy));
+	memset(entropy, 0, sizeof(entropy));
+	if (!retval) {
+		fprintf(stderr, "Unable to generate a salt, "
+			"check your CRYPT_PREFIX and CRYPT_ROUNDS settings.\n");
+		exit(1);
+	}
+
+	return retval;
+}
+
+#if 0
+/*
  * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
  * it is in the public domain.
  *
@@ -255,3 +327,4 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 	return result;
 }
 
+#endif
#diff --git a/man/login.defs.5 b/man/login.defs.5
#index 8d2b852..38aa78a 100644
#--- a/man/login.defs.5
#+++ b/man/login.defs.5
#@@ -244,6 +244,9 @@ will execute this shell instead of the users\' shell specified in
# If defined, login failures will be logged in this file in a utmp format\&.
# .RE
# .PP
#+CRYPT_PREFIX (string), CRYPT_ROUNDS (number)
#+The password hashing method and iteration count to use for group passwords that may be set with \fBgpasswd\fR(1).  Please refer to \fBcrypt\fR(3) for information on supported password hashing methods.
#+.PP
# \fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
# .RS 4
# Range of group IDs used for the creation of regular groups by
#@@ -662,7 +665,7 @@ CHSH_AUTH LOGIN_STRING
# gpasswd
# .RS 4
# ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
#-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
#+SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS CRYPT_PREFIX CRYPT_ROUNDS
# .RE
# .PP
# groupadd
#-- 
1.6.5.3