If for some reason the password is empty (bug or intentionally configured), avoid creating a possibly insecure hash.
mentioned in commit d1910a22