diff --git a/lib/setup.php b/lib/setup.php
index 54b6149fe27..7082f0b2afd 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -243,7 +243,7 @@ class OC_Setup {
 			$dbusername=substr('oc_'.$username, 0, 16);
 			if($dbusername!=$oldUser) {
 				//hash the password so we don't need to store the admin config in the config file
-				$dbpassword=md5(time().$dbpass);
+				$dbpassword=OC_Util::generate_random_bytes(30);
 
 				self::createDBUser($dbusername, $dbpassword, $connection);
 
@@ -333,7 +333,7 @@ class OC_Setup {
 			//add prefix to the postgresql user name to prevent collisions
 			$dbusername='oc_'.$username;
 			//create a new password so we don't need to store the admin config in the config file
-			$dbpassword=md5(OC_Util::generate_random_bytes(30));
+			$dbpassword=OC_Util::generate_random_bytes(30);
 
 			self::pg_createDBUser($dbusername, $dbpassword, $connection);
 
@@ -476,7 +476,7 @@ class OC_Setup {
 			//add prefix to the oracle user name to prevent collisions
 			$dbusername='oc_'.$username;
 			//create a new password so we don't need to store the admin config in the config file
-			$dbpassword=md5(time().$dbpass);
+			$dbpassword=OC_Util::generate_random_bytes(30);
 
 			//oracle passwords are treated as identifiers:
 			//  must start with aphanumeric char