diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 9d74a267fbeb130cee68099b2e24d19a0a2c263e..269ed1b4df54ca44031ddb044d84b4de6b048945 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -284,7 +284,7 @@ class Crypto
         }
 
         // hash w/ salt
-        if (!$salt) { // no salt provided, generate one
+        if ($salt === null) { // no salt provided, generate one
             // default 8 byte salt, but 4 byte for LDAP SHA1 hashes
             $bytes = ($algorithm == 'SSHA1') ? 4 : 8;
             $salt = openssl_random_pseudo_bytes($bytes);