While mcrypt_create_iv and MCRYPT_DEV_URANDOM are both available in
Phalanger, when used it will generate a warning stating that the file
(/dev/urandom) cannot be read from.
The !$buffer_valid check would catch this, however there would still be
a warning generated every time a password was hashed.
In my opinion it is best to check if Phalanger is being used, and
prevent this path from executing in the first place.