--- scripts/zmupdate.pl.in.orig	2025-06-13 23:01:03 UTC
+++ scripts/zmupdate.pl.in
@@ -52,8 +52,6 @@ use version;
 use strict;
 use bytes;
 use version;
-use Crypt::Eksblowfish::Bcrypt;
-use Data::Entropy::Algorithms qw(rand_bits);
 
 # ==========================================================================
 #
@@ -1035,6 +1033,18 @@ sub migratePasswords {
 } # end sub patchDB
 
 sub migratePasswords {
+  use Crypt::Eksblowfish::Bcrypt;
+  my $random;
+  eval {
+    require Bytes::Random::Secure;
+    $random = Bytes::Random::Secure->new( Bits        => 16*8);
+  };
+  if ($@ or !$random) {
+    eval {
+      require Data::Entropy::Algorithms;
+      $random = Data::Entropy::Algorithms::rand_bits(16*8);
+    };
+  }
   print ("Migratings passwords, if any...\n");
   my $sql = 'SELECT * FROM `Users`';
   my $sth = $dbh->prepare_cached($sql) or die( "Can't prepare '$sql': ".$dbh->errstr() );
@@ -1043,7 +1053,7 @@ sub migratePasswords {
     my $scheme = substr($user->{Password}, 0, 1);
     if ($scheme eq '*') {
       print ('-->'.$user->{Username}." password will be migrated\n");
-      my $salt = Crypt::Eksblowfish::Bcrypt::en_base64(rand_bits(16*8));
+      my $salt = Crypt::Eksblowfish::Bcrypt::en_base64($random);
       my $settings = '$2a$10$'.$salt;
       my $pass_hash = Crypt::Eksblowfish::Bcrypt::bcrypt($user->{Password},$settings);
       my $new_pass_hash = '-ZM-'.$pass_hash;