use a bigger range of characters for password salts

_test/cases/inc/auth_password.test.php

@@ -39,6 +39,16 @@ class auth_password_test extends UnitTestCase {
         }
     }
 
+    function test_verifySelf(){
+        foreach($this->passes as $method => $hash){
+            $info = "testing method $method";
+            $this->signal('failinfo',$info);
+
+            $hash = auth_cryptPassword('foo'.$method);
+            $this->assertTrue(auth_verifyPassword('foo'.$method,$hash));
+        }
+    }
+
     function test_verifyPassword_nohash(){
         $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/'));
     }

inc/PassHash.class.php

@@ -77,11 +77,13 @@ class PassHash {
     /**
      * Create a random salt
      *
-     * @todo use full range of characters instead of hex values only
      * @param int $len - The length of the salt
      */
     public function gen_salt($len=32){
-        return substr(md5(uniqid(rand(), true)),0,$len);
+        $salt  = '';
+        $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+        for($i=0;$i<$len,$i++;) $salt .= $chars[mt_rand(0,61)];
+        return $salt;
     }
 
     /**