diff --git a/scrypt.cabal b/scrypt.cabal
--- a/scrypt.cabal
+++ b/scrypt.cabal
@@ -1,5 +1,5 @@
 name:           scrypt
-version:        0.4.0
+version:        0.5.0
 license:        BSD3
 license-file:   LICENSE
 category:       Cryptography
diff --git a/src/Crypto/Scrypt.hs b/src/Crypto/Scrypt.hs
--- a/src/Crypto/Scrypt.hs
+++ b/src/Crypto/Scrypt.hs
@@ -13,7 +13,9 @@
      ScryptParams, scryptParams, scryptParamsLen, defaultParams
     -- * Password Storage
     -- $password-storage
-    , EncryptedPass(..), encryptPass, encryptPass', verifyPass, verifyPass'
+    , EncryptedPass(..), encryptPassIO, encryptPassIO'
+    , newSalt, encryptPass, encryptPass'
+    , verifyPass, verifyPass'
     -- * Low-level bindings to the @scrypt@ key derivation function
     -- $low-level
     , Pass(..), Salt(..), PassHash(..), scrypt, scrypt'
@@ -95,7 +97,7 @@
   where
     valid = and [ logN > 0, r > 0, p > 0
                 , r*p < 2^(30 :: Int)
-                , bufLen > 0, bufLen <= 2^(32 :: Int)-1 * 32
+                , bufLen > 0, bufLen <= (2^(32 :: Int)-1) * 32
                 -- allocation fits into (virtual) memory
                 , 128*r*2^logN <= fromIntegral (maxBound :: CSize)
                 ]
@@ -123,16 +125,16 @@
 -- A usage example is given below, showing encryption, verification and
 -- changing 'ScryptParams':
 --
--- > >>> encrypted <- encryptPass defaultParams (Pass "secret")
+-- > >>> encrypted <- encryptPassIO defaultParams (Pass "secret")
 -- > >>> print encrypted
--- > EncryptedPass {unEncryptedPass = "14|8|1|Wn5x[SNIP]nM=|Zl+p[SNIP]g=="}
+-- > EncryptedPass {getEncryptedPass = "14|8|1|Wn5x[SNIP]nM=|Zl+p[SNIP]g=="}
 -- > >>> print $ verifyPass defaultParams (Pass "secret") encrypted
 -- > (True,Nothing)
 -- > >>> print $ verifyPass defaultParams (Pass "wrong") encrypted
 -- > (False,Nothing)
 -- > >>> let newParams = fromJust $ scryptParams 16 8 1
 -- > >>> print $ verifyPass newParams (Pass "secret") encrypted
--- > (True,Just (EncryptedPass {unEncryptedPass = "16|8|1|Wn5x[SNIP]nM=|ZmWw[SNIP]Q=="}))
+-- > (True,Just (EncryptedPass {getEncryptedPass = "16|8|1|Wn5x[SNIP]nM=|ZmWw[SNIP]Q=="}))
 --
 
 combine :: ScryptParams -> Salt -> PassHash -> EncryptedPass
@@ -155,18 +157,33 @@
     go _         = Nothing
     decodeBase64 = either (const Nothing) Just . Base64.decode
 
+-- |Generate a random 32-byte salt.
+--
+newSalt :: IO Salt
+newSalt = Salt <$> getEntropy 32
+
 -- |Encrypt the password with the given parameters and a random 32-byte salt.
 -- The salt is read from @\/dev\/urandom@ on Unix systems or @CryptoAPI@ on
 -- Windows.
 --
-encryptPass :: ScryptParams -> Pass -> IO EncryptedPass
-encryptPass params pass = do
-    salt <- Salt <$> getEntropy 32
-    return $ combine params salt (scrypt params salt pass)
+encryptPassIO :: ScryptParams -> Pass -> IO EncryptedPass
+encryptPassIO params pass = do
+    salt <- newSalt
+    return $ encryptPass params salt pass
 
+-- |Equivalent to @encryptPassIO defaultParams@.
+--
+encryptPassIO' :: Pass -> IO EncryptedPass
+encryptPassIO' = encryptPassIO defaultParams
+
+-- |Encrypt the password with the given parameters and salt.
+--
+encryptPass :: ScryptParams -> Salt -> Pass -> EncryptedPass
+encryptPass params salt pass = combine params salt (scrypt params salt pass)
+
 -- |Equivalent to @encryptPass defaultParams@.
 --
-encryptPass' :: Pass -> IO EncryptedPass
+encryptPass' :: Salt -> Pass -> EncryptedPass
 encryptPass' = encryptPass defaultParams
 
 -- |Verify a 'Pass' against an 'EncryptedPass'. The function also takes
diff --git a/test/Test.hs b/test/Test.hs
--- a/test/Test.hs
+++ b/test/Test.hs
@@ -44,27 +44,27 @@
 prop_WrongPassNotValid :: Pass -> Pass -> ScryptParams -> Property
 prop_WrongPassNotValid pass candidate params =
     pass /= candidate ==> morallyDubiousIOProperty $ do
-        encr <- encryptPass params pass
+        encr <- encryptPassIO params pass
         let (valid, newEncr) = verifyPass params candidate encr
         return $ not valid && isNothing newEncr
 
 prop_EncryptVerify :: Pass -> ScryptParams -> Property
 prop_EncryptVerify pass params =
     morallyDubiousIOProperty $ do
-        encr <- encryptPass params pass
+        encr <- encryptPassIO params pass
         let (valid, newEncr) = verifyPass params pass encr
         return $ valid && isNothing newEncr
 
 prop_EncryptVerify' :: Pass -> ScryptParams -> Property
 prop_EncryptVerify' pass params =
     morallyDubiousIOProperty $ do
-        encr <- encryptPass params pass
+        encr <- encryptPassIO params pass
         return $ verifyPass' pass encr
 
 prop_NewParamsNewEncr :: Pass -> ScryptParams -> ScryptParams -> Property
 prop_NewParamsNewEncr pass oldParams newParams =
     oldParams /= newParams ==> morallyDubiousIOProperty $ do
-        encr <- encryptPass oldParams pass        
+        encr <- encryptPassIO oldParams pass        
         let (valid,newEncr) = verifyPass newParams pass encr
         return $ valid && isJust newEncr && fromJust newEncr /= encr
 
