- Patch #723802 by pwolanin, grendzy: convert to sha-256 and hmac from md5 and sha1.

10 files changed, 170 insertions, 93 deletions

diff --git a/includes/actions.inc b/includes/actions.inc
index 8ca1e86c2..26788ed04 100644
--- a/includes/actions.inc
+++ b/includes/actions.inc
@@ -197,7 +197,7 @@ function actions_get_all_actions() {
 }
 
 /**
- * Creates an associative array keyed by md5 hashes of function names or IDs.
+ * Creates an associative array keyed by hashes of function names or IDs.
  *
  * Hashes are used to prevent actual function names from going out into HTML
  * forms and coming back.
@@ -207,14 +207,14 @@ function actions_get_all_actions() {
  *   and associative arrays with keys 'label', 'type', etc. as values.
  *   This is usually the output of actions_list() or actions_get_all_actions().
  * @return
- *   An associative array whose keys are md5 hashes of the input array keys, and
+ *   An associative array whose keys are hashes of the input array keys, and
  *   whose corresponding values are associative arrays with components
  *   'callback', 'label', 'type', and 'configurable' from the input array.
  */
 function actions_actions_map($actions) {
   $actions_map = array();
   foreach ($actions as $callback => $array) {
-    $key = md5($callback);
+    $key = drupal_hash_base64($callback);
     $actions_map[$key]['callback']     = isset($array['callback']) ? $array['callback'] : $callback;
     $actions_map[$key]['label']        = $array['label'];
     $actions_map[$key]['type']         = $array['type'];
@@ -224,12 +224,12 @@ function actions_actions_map($actions) {
 }
 
 /**
- * Given an md5 hash of an action array key, returns the key (function or ID).
+ * Given a hash of an action array key, returns the key (function or ID).
  *
  * Faster than actions_actions_map() when you only need the function name or ID.
  *
  * @param $hash
- *   MD5 hash of a function name or action ID array key. The array key
+ *   Hash of a function name or action ID array key. The array key
  *   is a key into the return value of actions_list() (array key is the action
  *   function name) or actions_get_all_actions() (array key is the action ID).
  * @return
@@ -239,13 +239,20 @@ function actions_function_lookup($hash) {
   // Check for a function name match.
   $actions_list = actions_list();
   foreach ($actions_list as $function => $array) {
-    if (md5($function) == $hash) {
+    if (drupal_hash_base64($function) == $hash) {
       return $function;
     }
   }
-
+  $aid = FALSE;
   // Must be a configurable action; check database.
-  return db_query("SELECT aid FROM {actions} WHERE MD5(aid) = :hash AND parameters <> ''", array(':hash' => $hash))->fetchField();
+  $result = db_query("SELECT aid FROM {actions} WHERE parameters <> ''")->fetchAll(PDO::FETCH_ASSOC);
+  foreach ($result as $row) {
+    if (drupal_hash_base64($row['aid']) == $hash) {
+      $aid = $row['aid'];
+      break;
+    }
+  }
+  return $aid;
 }
 
 /**
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index b1ed5ada2..3cc58e027 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -622,7 +622,7 @@ function drupal_settings_initialize() {
     ini_set('session.cookie_secure', TRUE);
   }
   $prefix = ini_get('session.cookie_secure') ? 'SSESS' : 'SESS';
-  session_name($prefix . md5($session_name));
+  session_name($prefix . substr(hash('sha256', $session_name), 0, 32));
 }
 
 /**
@@ -1698,6 +1698,91 @@ function drupal_block_denied($ip) {
 }
 
 /**
+ * Returns a string of highly randomized bytes (over the full 8-bit range).
+ *
+ * This function is better than simply calling mt_rand() or any other built-in
+ * PHP function because it can return a long string of bytes (compared to < 4
+ * bytes normally from mt_rand()) and uses the best available pseudo-random source.
+ *
+ * @param $count
+ *   The number of characters (bytes) to return in the string.
+ */
+function drupal_random_bytes($count)  {
+  // $random_state does not use drupal_static as it stores random bytes.
+  static $random_state, $bytes;
+  // Initialize on the first call. The contents of $_SERVER includes a mix of
+  // user-specific and system information that varies a little with each page.
+  if (!isset($random_state)) {
+    $random_state = print_r($_SERVER, TRUE);
+    if (function_exists('getmypid')) {
+      // further initialize with the somewhat random PHP process ID.
+      $random_state .= getmypid();
+    }
+    $bytes = '';
+  }
+  if (strlen($bytes) < $count) {
+    // /dev/urandom is available on many *nix systems and is considered the
+    // best commonly available pseudo-random source.
+    if ($fh = @fopen('/dev/urandom', 'rb')) {
+      // PHP only performs buffered reads, so in reality it will always read
+      // at least 4096 bytes. Thus, it costs nothing extra to read and store
+      // that much so as to speed any additional invocations.
+      $bytes .= fread($fh, max(4096, $count));
+      fclose($fh);
+    }
+    // If /dev/urandom is not available or returns no bytes, this loop will
+    // generate a good set of pseudo-random bytes on any system.
+    // Note that it may be important that our $random_state is passed
+    // through hash() prior to being rolled into $output, that the two hash()
+    // invocations are different, and that the extra input into the first one -
+    // the microtime() - is prepended rather than appended. This is to avoid
+    // directly leaking $random_state via the $output stream, which could
+    // allow for trivial prediction of further "random" numbers.
+    while (strlen($bytes) < $count) {
+      $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
+      $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
+    }
+  }
+  $output = substr($bytes, 0, $count);
+  $bytes = substr($bytes, $count);
+  return $output;
+}
+
+/**
+ * Calculate a base-64 encoded, URL-safe sha-256 hmac.
+ *
+ * @param $data
+ *   String to be validated with the hmac.
+ * @param $key
+ *   A secret string key.
+ *
+ * @return
+ *   A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and
+ *   any = padding characters removed.
+ */
+function drupal_hmac_base64($data, $key) {
+  $hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
+  // Modify the hmac so it's safe to use in URLs.
+  return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
+}
+
+/**
+ * Calculate a base-64 encoded, URL-safe sha-256 hash.
+ *
+ * @param $data
+ *   String to be hashed.
+ *
+ * @return
+ *   A base-64 encoded sha-256 hash, with + replaced with -, / with _ and
+ *   any = padding characters removed.
+ */
+function drupal_hash_base64($data) {
+  $hash = base64_encode(hash('sha256', $data, TRUE));
+  // Modify the hash so it's safe to use in URLs.
+  return strtr($hash, array('+' => '-', '/' => '_', '=' => ''));
+}
+
+/**
  * Generates a default anonymous $user object.
  *
  * @return Object - the user object.
@@ -2024,9 +2109,9 @@ function drupal_valid_test_ua($user_agent) {
   // the database is not yet initialized and we can't access any Drupal variables.
   // The file properties add more entropy not easily accessible to others.
   $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
-  $key = sha1(serialize($databases) . filectime($filepath) . fileinode($filepath), TRUE);
+  $key = serialize($databases) . filectime($filepath) . fileinode($filepath);
   // The HMAC must match.
-  return $hmac == base64_encode(hash_hmac('sha1', $check_string, $key, TRUE));
+  return $hmac == drupal_hmac_base64($check_string, $key);
 }
 
 /**
@@ -2041,12 +2126,12 @@ function drupal_generate_test_ua($prefix) {
     // check the HMAC before the database is initialized. filectime()
     // and fileinode() are not easily determined from remote.
     $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
-    $key = sha1(serialize($databases) . filectime($filepath) . fileinode($filepath), TRUE);
+    $key = serialize($databases) . filectime($filepath) . fileinode($filepath);
   }
    // Generate a moderately secure HMAC based on the database credentials.
    $salt = uniqid('', TRUE);
    $check_string = $prefix . ';' . time() . ';' . $salt;
-   return  $check_string . ';' . base64_encode(hash_hmac('sha1', $check_string, $key, TRUE));
+   return  $check_string . ';' . drupal_hmac_base64($check_string, $key);
 }
 
 /**
diff --git a/includes/common.inc b/includes/common.inc
index 454a4240d..e99b2319c 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -2895,7 +2895,7 @@ function drupal_aggregate_css(&$css_groups) {
         if ($group['preprocess'] && $preprocess_css) {
           // Prefix filename to prevent blocking by firewalls which reject files
           // starting with "ad*".
-          $filename = 'css_' . md5(serialize($group['items'])) . '.css';
+          $filename = 'css_' . drupal_hash_base64(serialize($group['items'])) . '.css';
           $css_groups[$key]['data'] = drupal_build_css_cache($group['items'], $filename);
         }
         break;
@@ -3767,7 +3767,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL) {
     // Prefix filename to prevent blocking by firewalls which reject files
     // starting with "ad*".
     foreach ($files as $key => $file_set) {
-      $filename = 'js_' . md5(serialize($file_set)) . '.js';
+      $filename = 'js_' . drupal_hash_base64(serialize($file_set)) . '.js';
       $uri = drupal_build_js_cache($file_set, $filename);
       // Only include the file if was written successfully. Errors are logged
       // using watchdog.
@@ -4341,45 +4341,6 @@ function drupal_json_output($var = NULL) {
 }
 
 /**
- * Returns a string of highly randomized bytes (over the full 8-bit range).
- *
- * This function is better than simply calling mt_rand() or any other built-in
- * PHP function because it can return a long string of bytes (compared to < 4
- * bytes normally from mt_rand()) and uses the best available pseudo-random source.
- *
- * @param $count
- *   The number of characters (bytes) to return in the string.
- */
-function drupal_random_bytes($count)  {
-  // $random_state does not use drupal_static as it stores random bytes.
-  static $random_state;
-  // We initialize with the somewhat random PHP process ID on the first call.
-  if (empty($random_state)) {
-    $random_state = getmypid();
-  }
-  $output = '';
-  // /dev/urandom is available on many *nix systems and is considered the best
-  // commonly available pseudo-random source.
-  if ($fh = @fopen('/dev/urandom', 'rb')) {
-    $output = fread($fh, $count);
-    fclose($fh);
-  }
-  // If /dev/urandom is not available or returns no bytes, this loop will
-  // generate a good set of pseudo-random bytes on any system.
-  // Note that it may be important that our $random_state is passed
-  // through md5() prior to being rolled into $output, that the two md5()
-  // invocations are different, and that the extra input into the first one -
-  // the microtime() - is prepended rather than appended. This is to avoid
-  // directly leaking $random_state via the $output stream, which could
-  // allow for trivial prediction of further "random" numbers.
-  while (strlen($output) < $count) {
-    $random_state = md5(microtime() . mt_rand() . $random_state);
-    $output .= md5(mt_rand() . $random_state, TRUE);
-  }
-  return substr($output, 0, $count);
-}
-
-/**
  * Get a salt useful for hardening against SQL injection.
  *
  * @return
@@ -4389,7 +4350,7 @@ function drupal_get_hash_salt() {
   global $drupal_hash_salt, $databases;
   // If the $drupal_hash_salt variable is empty, a hash of the serialized
   // database credentials is used as a fallback salt.
-  return empty($drupal_hash_salt) ? sha1(serialize($databases)) : $drupal_hash_salt;
+  return empty($drupal_hash_salt) ? hash('sha256', serialize($databases)) : $drupal_hash_salt;
 }
 
 /**
@@ -4400,7 +4361,7 @@ function drupal_get_hash_salt() {
  */
 function drupal_get_private_key() {
   if (!($key = variable_get('drupal_private_key', 0))) {
-    $key = md5(drupal_random_bytes(64));
+    $key = drupal_hash_base64(drupal_random_bytes(55));
     variable_set('drupal_private_key', $key);
   }
   return $key;
@@ -4413,10 +4374,7 @@ function drupal_get_private_key() {
  *   An additional value to base the token on.
  */
 function drupal_get_token($value = '') {
-  $private_key = drupal_get_private_key();
-  // A single md5() is vulnerable to length-extension attacks, so use it twice.
-  // @todo:  add md5 and sha1 hmac functions to core.
-  return md5(drupal_get_hash_salt() . md5(session_id() . $value . $private_key));
+  return drupal_hmac_base64($value, session_id() . drupal_get_private_key() . drupal_get_hash_salt());
 }
 
 /**
@@ -5247,7 +5205,7 @@ function drupal_render_cache_set(&$markup, $elements) {
 function drupal_render_cache_by_query($query, $function, $expire = CACHE_TEMPORARY, $granularity = NULL) {
   $cache_keys = array_merge(array($function), drupal_render_cid_parts($granularity));
   $query->preExecute();
-  $cache_keys[] = md5(serialize(array((string) $query, $query->getArguments())));
+  $cache_keys[] = hash('sha256', serialize(array((string) $query, $query->getArguments())));
   return array(
     '#query' => $query,
     '#pre_render' => array($function . '_pre_render'),
diff --git a/includes/form.inc b/includes/form.inc
index cd039d647..92574d202 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -203,7 +203,7 @@ function drupal_build_form($form_id, &$form_state) {
       }
 
       $form = drupal_retrieve_form($form_id, $form_state);
-      $form_build_id = 'form-' . md5(uniqid(mt_rand(), TRUE));
+      $form_build_id = 'form-' . drupal_hash_base64(uniqid(mt_rand(), TRUE) . mt_rand());
       $form['#build_id'] = $form_build_id;
 
       // Fix the form method, if it is 'get' in $form_state, but not in $form.
@@ -331,7 +331,7 @@ function drupal_rebuild_form($form_id, &$form_state, $old_form = NULL) {
   // Otherwise, a new #build_id is generated, to not clobber the previous
   // build's data in the form cache; also allowing the user to go back to an
   // earlier build, make changes, and re-submit.
-  $form['#build_id'] = isset($old_form['#build_id']) ? $old_form['#build_id'] : 'form-' . md5(mt_rand());
+  $form['#build_id'] = isset($old_form['#build_id']) ? $old_form['#build_id'] : 'form-' . drupal_hash_base64(uniqid(mt_rand(), TRUE) . mt_rand());
 
   // #action defaults to request_uri(), but in case of AJAX and other partial
   // rebuilds, the form is submitted to an alternate URL, and the original
diff --git a/includes/install.core.inc b/includes/install.core.inc
index 04b2fda29..5569208f8 100644
--- a/includes/install.core.inc
+++ b/includes/install.core.inc
@@ -1011,7 +1011,7 @@ function install_settings_form_submit($form, &$form_state) {
     'required' => TRUE,
   );
   $settings['drupal_hash_salt'] = array(
-    'value'    => sha1(drupal_random_bytes(64)),
+    'value'    => drupal_hash_base64(drupal_random_bytes(55)),
     'required' => TRUE,
   );
   drupal_rewrite_settings($settings);
diff --git a/includes/locale.inc b/includes/locale.inc
index 543ebc48a..39908ce8a 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1680,7 +1680,7 @@ function _locale_rebuild_js($langcode = NULL) {
     }
 
     $data .= "'strings': " . drupal_json_encode($translations) . " };";
-    $data_hash = md5($data);
+    $data_hash = drupal_hash_base64($data);
   }
 
   // Construct the filepath where JS translation files are stored.
diff --git a/includes/menu.inc b/includes/menu.inc
index 8c2255067..f2e33002b 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -407,9 +407,9 @@ function menu_get_item($path = NULL, $router_item = NULL) {
     $parts = array_slice($original_map, 0, MENU_MAX_PARTS);
     $ancestors = menu_get_ancestors($parts);
 
-    // Since there is no limit to the length of $path, but the cids are
-    // restricted to 255 characters, use md5() to keep it short yet unique.
-    $cid = 'menu_item:' . md5($path);
+    // Since there is no limit to the length of $path, use a hash to keep it
+    // short yet unique.
+    $cid = 'menu_item:' . hash('sha256', $path);
     if ($cached = cache_get($cid, 'cache_menu')) {
       $router_item = $cached->data;
     }
@@ -1238,7 +1238,7 @@ function menu_tree_page_data($menu_name, $max_depth = NULL) {
  * Helper function - compute the real cache ID for menu tree data.
  */
 function _menu_tree_cid($menu_name, $data) {
-  return 'links:' . $menu_name . ':tree-data:' . $GLOBALS['language']->language . ':' . md5(serialize($data));
+  return 'links:' . $menu_name . ':tree-data:' . $GLOBALS['language']->language . ':' . hash('sha256', serialize($data));
 }
 
 /**
diff --git a/includes/password.inc b/includes/password.inc
index e82842634..553cae996 100644
--- a/includes/password.inc
+++ b/includes/password.inc
@@ -16,8 +16,8 @@
 
 /**
  * The standard log2 number of iterations for password stretching. This should
- * increase by 1 at least every other Drupal version in order to counteract
- * increases in the speed and power of computers available to crack the hashes.
+ * increase by 1 every Drupal version in order to counteract increases in the
+ * speed and power of computers available to crack the hashes.
  */
 define('DRUPAL_HASH_COUNT', 14);
 
@@ -32,6 +32,11 @@ define('DRUPAL_MIN_HASH_COUNT', 7);
 define('DRUPAL_MAX_HASH_COUNT', 30);
 
 /**
+ * The expected (and maximum) number of characters in a hashed password.
+ */
+define('DRUPAL_HASH_LENGTH', 55);
+
+/**
  * Returns a string for mapping an int to the corresponding base 64 character.
  */
 function _password_itoa64() {
@@ -49,7 +54,7 @@ function _password_itoa64() {
  * @return
  *   Encoded string
  */
-function _password_base64_encode($input, $count)  {
+function _password_base64_encode($input, $count) {
   $output = '';
   $i = 0;
   $itoa64 = _password_itoa64();
@@ -93,7 +98,7 @@ function _password_base64_encode($input, $count)  {
  *   A 12 character string containing the iteration count and a random salt.
  */
 function _password_generate_salt($count_log2) {
-  $output = '$P$';
+  $output = '$S$';
   // Minimum log2 iterations is DRUPAL_MIN_HASH_COUNT.
   $count_log2 = max($count_log2, DRUPAL_MIN_HASH_COUNT);
   // Maximum log2 iterations is DRUPAL_MAX_HASH_COUNT.
@@ -113,19 +118,23 @@ function _password_generate_salt($count_log2) {
  * for an attacker to try to break the hash by brute-force computation of the
  * hashes of a large number of plain-text words or strings to find a match.
  *
+ * @param $algo
+ *   The string name of a hashing algorithm usable by hash(), like 'sha256'.
  * @param $password
  *   The plain-text password to hash.
  * @param $setting
- *   An existing hash or the output of _password_generate_salt().
+ *   An existing hash or the output of _password_generate_salt().  Must be
+ *   at least 12 characters (the settings and salt).
  *
  * @return
  *   A string containing the hashed password (and salt) or FALSE on failure.
+ *   The return string will be truncated at DRUPAL_HASH_LENGTH characters max.
  */
-function _password_crypt($password, $setting)  {
+function _password_crypt($algo, $password, $setting) {
   // The first 12 characters of an existing hash are its setting string.
   $setting = substr($setting, 0, 12);
 
-  if (substr($setting, 0, 3) != '$P$') {
+  if ($setting[0] != '$' || $setting[2] != '$') {
     return FALSE;
   }
   $count_log2 = _password_get_count_log2($setting);
@@ -139,22 +148,21 @@ function _password_crypt($password, $setting)  {
     return FALSE;
   }
 
-  // We must use md5() or sha1() here since they are the only cryptographic
-  // primitives always available in PHP 5. To implement our own low-level
-  // cryptographic function in PHP would result in much worse performance and
-  // consequently in lower iteration counts and hashes that are quicker to crack
-  // (by non-PHP code).
-
+  // Convert the base 2 logrithm into an integer.
   $count = 1 << $count_log2;
 
-  $hash = md5($salt . $password, TRUE);
+  // We rely on the hash() function being available in PHP 5.2+.
+  $hash = hash($algo, $salt . $password, TRUE);
   do {
-    $hash = md5($hash . $password, TRUE);
+    $hash = hash($algo, $hash . $password, TRUE);
   } while (--$count);
 
-  $output =  $setting . _password_base64_encode($hash, 16);
+  $len = strlen($hash);
+  $output =  $setting . _password_base64_encode($hash, $len);
   // _password_base64_encode() of a 16 byte MD5 will always be 22 characters.
-  return (strlen($output) == 34) ? $output : FALSE;
+  // _password_base64_encode() of a 64 byte sha512 will always be 86 characters.
+  $expected = 12 + ceil((8 * $len) / 6);
+  return (strlen($output) == $expected) ? substr($output, 0, DRUPAL_HASH_LENGTH) : FALSE;
 }
 
 /**
@@ -182,7 +190,7 @@ function user_hash_password($password, $count_log2 = 0) {
     // Use the standard iteration count.
     $count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
   }
-  return _password_crypt($password, _password_generate_salt($count_log2));
+  return _password_crypt('sha512', $password, _password_generate_salt($count_log2));
 }
 
 /**
@@ -201,7 +209,7 @@ function user_hash_password($password, $count_log2 = 0) {
  *   TRUE or FALSE.
  */
 function user_check_password($password, $account) {
-  if (substr($account->pass, 0, 3) == 'U$P') {
+  if (substr($account->pass, 0, 2) == 'U$') {
     // This may be an updated password from user_update_7000(). Such hashes
     // have 'U' added as the first character and need an extra md5().
     $stored_hash = substr($account->pass, 1);
@@ -210,7 +218,23 @@ function user_check_password($password, $account) {
   else {
     $stored_hash = $account->pass;
   }
-  $hash = _password_crypt($password, $stored_hash);
+
+  $type = substr($stored_hash, 0, 3);
+  switch ($type) {
+    case '$S$':
+      // A normal Drupal 7 password using sha512.
+      $hash = _password_crypt('sha512', $password, $stored_hash);
+      break;
+    case '$H$':
+      // phpBB3 uses "$H$" for the same thing as "$P$".
+    case '$P$':
+      // A phpass password generated using md5.  This is an
+      // imported password or from an earlier Drupal version.
+      $hash = _password_crypt('md5', $password, $stored_hash);
+      break;
+    default:
+      return FALSE;
+  }
   return ($hash && $stored_hash == $hash);
 }
 
@@ -234,7 +258,7 @@ function user_check_password($password, $account) {
  */
 function user_needs_new_hash($account) {
   // Check whether this was an updated password.
-  if ((substr($account->pass, 0, 3) != '$P$') || (strlen($account->pass) != 34)) {
+  if ((substr($account->pass, 0, 3) != '$S$') || (strlen($account->pass) != DRUPAL_HASH_LENGTH)) {
     return TRUE;
   }
   // Check whether the iteration count used differs from the standard number.
diff --git a/includes/session.inc b/includes/session.inc
index 7dec4464d..67c52e6ef 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -206,7 +206,10 @@ function drupal_session_initialize() {
     // processes (like drupal_get_token()) needs to know the future
     // session ID in advance.
     $user = drupal_anonymous_user();
-    session_id(md5(uniqid('', TRUE)));
+    // Less random sessions (which are much faster to generate) are used for
+    // anonymous users than are generated in drupal_session_regenerate() when
+    // a user becomes authenticated.
+    session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE)));
   }
   date_default_timezone_set(drupal_get_user_timezone());
 }
@@ -284,7 +287,7 @@ function drupal_session_regenerate() {
   if ($is_https && variable_get('https', FALSE)) {
     $insecure_session_name = substr(session_name(), 1);
     $params = session_get_cookie_params();
-    $session_id = md5(uniqid(mt_rand(), TRUE));
+    $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55));
     setcookie($insecure_session_name, $session_id, REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], FALSE, $params['httponly']);
     $_COOKIE[$insecure_session_name] = $session_id;
   }
diff --git a/includes/update.inc b/includes/update.inc
index 424054584..317ffa577 100644
--- a/includes/update.inc
+++ b/includes/update.inc
@@ -294,7 +294,7 @@ function update_fix_d7_requirements() {
   global $update_rewrite_settings, $db_url;
   if (!empty($update_rewrite_settings)) {
     $databases = update_parse_db_url($db_url);
-    $salt = sha1(drupal_random_bytes(64));
+    $salt = drupal_hash_base64(drupal_random_bytes(55));
     file_put_contents(conf_path() . '/settings.php', "\n" . '$databases = ' . var_export($databases, TRUE) . ";\n\$drupal_hash_salt = '$salt';", FILE_APPEND);
   }
   if (drupal_get_installed_schema_version('system') < 7000 && !variable_get('update_d7_requirements', FALSE)) {