diff --git a/config.h b/config.h
index 4492e4b..7e324f7 100644
--- a/config.h
+++ b/config.h
@@ -81,6 +81,15 @@
 # define RANDOM_DEVICE "/dev/urandom"
 #endif
 
+/* use arc4random_buf instead if it is available */
+#if (defined __FreeBSD__ && __FreeBSD__ >= 9) || \
+    (defined __NetBSD__  && __NetBSD_Version__ >= 600000000) || \
+    (defined OpenBSD && OpenBSD >= 200805) || \
+    (defined __APPLE__ && defined __MACH__)
+# define HAVE_ARC4RANDOM_BUF
+# undef RANDOM_DEVICE
+#endif
+
 #ifdef ENABLE_NLS
 # ifndef NLS_CAT_NAME
 #  define NLS_CAT_NAME   "whois"
diff --git a/mkpasswd.c b/mkpasswd.c
index 63c82f1..ffd887e 100644
--- a/mkpasswd.c
+++ b/mkpasswd.c
@@ -383,20 +383,27 @@ void* get_random_bytes(const unsigned int count)
 }
 #endif
 
-#ifdef RANDOM_DEVICE
+#if defined RANDOM_DEVICE || defined HAVE_ARC4RANDOM_BUF
 
 void generate_salt(char *const buf, const unsigned int len)
 {
     unsigned int i;
+    unsigned char *entropy;
+
+#if defined HAVE_ARC4RANDOM_BUF
+    void *entropy = NOFAIL(malloc(len));
+    arc4random_buf(entropy, len);
+#else
+    entropy = get_random_bytes(len);
+#endif
 
-    unsigned char *entropy = get_random_bytes(len * sizeof(unsigned char));
     for (i = 0; i < len; i++)
 	buf[i] = valid_salts[entropy[i] % (sizeof valid_salts - 1)];
     buf[i] = '\0';
     free(entropy);
 }
 
-#else /* RANDOM_DEVICE */
+#else /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF */
 
 void generate_salt(char *const buf, const unsigned int len)
 {
@@ -424,7 +431,7 @@ void generate_salt(char *const buf, const unsigned int len)
     buf[i] = '\0';
 }
 
-#endif /* RANDOM_DEVICE */
+#endif /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF */
 
 void display_help(int error)
 {