Index: contrib/auth/models.py
===================================================================
--- contrib/auth/models.py	(revision 7364)
+++ contrib/auth/models.py	(working copy)
@@ -8,8 +8,10 @@
 from django.utils.translation import ugettext_lazy as _
 import datetime
 import urllib
+import string
 
 UNUSABLE_PASSWORD = '!' # This will never be a valid hash
+SALT_CHARACTERS = string.ascii_letters + string.digits
 
 try:
     set
@@ -183,7 +185,7 @@
     def set_password(self, raw_password):
         import random
         algo = 'sha1'
-        salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
+        salt = ''.join(random.choice(SALT_CHARACTERS) for c in range(10))
         hsh = get_hexdigest(algo, salt, raw_password)
         self.password = '%s$%s$%s' % (algo, salt, hsh)