[schoen]

I assume tptacek's objection is that salts need to be unique (at most, unpredictable enough to discourage precomputation), and don't need to be produced by a CSPRNG.

Edit: or maybe something else from the editorial history of the document?

[tptacek]

There's that, but more generally and importantly, application developers who take special measures to generate salts tend not to be using secure password hashing algorithms --- the libraries for things like bcrypt tend to handle this for you.

[schoen]

Maybe akin to the "typing the letters A-E-S" in https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...?