From 6645a54cacb80ceb2d394ab6d3e3014bc9019a0c Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 4 Apr 2013 01:05:44 +0300
Subject: [PATCH] Use random bytes instead of time

Thanks for the heads-up @VicDeo :-)
---
 lib/setup.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/setup.php b/lib/setup.php
index 54b6149fe27..7082f0b2afd 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -243,7 +243,7 @@ class OC_Setup {
 			$dbusername=substr('oc_'.$username, 0, 16);
 			if($dbusername!=$oldUser) {
 				//hash the password so we don't need to store the admin config in the config file
-				$dbpassword=md5(time().$dbpass);
+				$dbpassword=OC_Util::generate_random_bytes(30);
 
 				self::createDBUser($dbusername, $dbpassword, $connection);
 
@@ -333,7 +333,7 @@ class OC_Setup {
 			//add prefix to the postgresql user name to prevent collisions
 			$dbusername='oc_'.$username;
 			//create a new password so we don't need to store the admin config in the config file
-			$dbpassword=md5(OC_Util::generate_random_bytes(30));
+			$dbpassword=OC_Util::generate_random_bytes(30);
 
 			self::pg_createDBUser($dbusername, $dbpassword, $connection);
 
@@ -476,7 +476,7 @@ class OC_Setup {
 			//add prefix to the oracle user name to prevent collisions
 			$dbusername='oc_'.$username;
 			//create a new password so we don't need to store the admin config in the config file
-			$dbpassword=md5(time().$dbpass);
+			$dbpassword=OC_Util::generate_random_bytes(30);
 
 			//oracle passwords are treated as identifiers:
 			//  must start with aphanumeric char
-- 
GitLab