$OpenBSD: patch-ext_standard_password_c,v 1.1 2016/02/06 23:30:25 sthen Exp $
--- ext/standard/password.c.orig.port	Mon Feb  1 23:04:02 2016
+++ ext/standard/password.c	Mon Feb  1 23:51:51 2016
@@ -124,6 +124,9 @@ static int php_password_make_salt(size_t length, char 
 
 	buffer = (char *) safe_emalloc(raw_length, 1, 1);
 
+#if defined(__OpenBSD__)
+	arc4random_buf(buffer, raw_length);
+#else
 #if PHP_WIN32
 	{
 		BYTE *iv_b = (BYTE *) buffer;
@@ -156,6 +159,7 @@ static int php_password_make_salt(size_t length, char 
 			buffer[i] ^= (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX);
 		}
 	}
+#endif /* openbsd */
 
 	result = safe_emalloc(length, 1, 1); 
 	if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) {
