If for some reason the password is empty (bug or intentionally configured), avoid creating a possibly insecure hash. (cherry picked from commit 09659874)