Bug #13417

open

Verify heap-buffer-overflow in createSalt

Added by Matthias Van Ceulebroeck 7 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
Start date:
01/15/2025
Due date:
% Done:

0%

Estimated time:

Description

Due to how this function is implemented, always copying three bytes, a heap-buffer-overflow has been introduced here.
Wt ought to be more defensive here. There are three choices:

  • do not allow non-three divisible input. Simply throw an exception here. This seems excessive.
  • correct the requested length to be valid. Again, this is tampering with what Wt shouldn't tamper with.
  • correct the saltBuf variable, to contain two bytes more, ensuring any input always fits.

Only the last option seems to be a valid approach.

Of course, we should implement some tests (on length) to ensure its output is valid.
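The following is an added illustration, not Wt's source: a hypothetical reconstruction of a salt generator that fills its buffer three bytes at a time from a random word (the pattern the report describes), with the buffer sized two bytes larger than requested, the third option above. The names `bytesWrittenByThreeByteLoop`, `overrun`, `createSaltPadded` and `paddedBufferSuffices` are invented for this example, and `std::mt19937` stands in for the toolkit's own random source. The `overrun` helper makes the bug's arithmetic explicit: a loop that always copies three bytes writes the requested length rounded up to a multiple of three, so a buffer of exactly `length` bytes is overrun by 0, 1 or 2 bytes, and `length + 2` is the smallest size that is always safe.

```cpp
#include <cassert>
#include <cstddef>
#include <cstring>
#include <random>
#include <string>
#include <vector>

// Example code written for this issue page; it models the described bug and
// fix, it is not Wt's createSalt.

// Bytes written by a loop that copies three bytes per step when asked for
// `length` bytes: `length` rounded up to the next multiple of three.
std::size_t bytesWrittenByThreeByteLoop(std::size_t length) {
  return ((length + 2) / 3) * 3;
}

// Bytes written past a buffer sized exactly `length`: 0, 1 or 2.
// Any non-zero value is the heap-buffer-overflow the report describes.
std::size_t overrun(std::size_t length) {
  return bytesWrittenByThreeByteLoop(length) - length;
}

// Hardened generator (option three): saltBuf gets two extra bytes so the final
// three-byte copy always lands inside the allocation, whatever `length` is.
// Only the requested number of bytes is returned.
std::string createSaltPadded(std::size_t length) {
  std::vector<unsigned char> saltBuf(length + 2);  // +2: room for the last copy
  std::mt19937 gen{std::random_device{}()};         // stand-in RNG (assumption)
  for (std::size_t i = 0; i < length; i += 3) {
    unsigned int r = static_cast<unsigned int>(gen());
    std::memcpy(saltBuf.data() + i, &r, 3);  // always copies three bytes
  }
  return std::string(saltBuf.begin(), saltBuf.begin() + length);
}

// Length test for the fix: for every request up to `maxLength`, the padded
// buffer must hold everything the loop writes and the result must have
// exactly the requested size.
bool paddedBufferSuffices(std::size_t maxLength) {
  for (std::size_t n = 0; n <= maxLength; ++n) {
    if (bytesWrittenByThreeByteLoop(n) > n + 2) return false;
    if (createSaltPadded(n).size() != n) return false;
  }
  return true;
}

int main() {
  // Requests that are not multiples of three are exactly the ones that overrun
  // an unpadded buffer.
  assert(overrun(3) == 0);
  assert(overrun(4) == 2);
  assert(overrun(5) == 1);
  assert(paddedBufferSuffices(64));
  return 0;
}
```

Running the block as-is exercises the length test for every request from 0 to 64 bytes; the same assertions are what a regression test for the fix would carry.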
