diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php
index eba21f38a9..97fc342a5f 100644
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -16,6 +16,11 @@
  */
 define('WP_INSTALLING', true);
 
+/**
+ * We are blissfully unaware of anything.
+ */
+define('WP_SETUP_CONFIG', true);
+
 /**
  * Disable error reporting
  *
@@ -179,11 +184,17 @@ switch($step) {
 	}
 	/**#@-*/
 
-	$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' );
-	if ( is_wp_error( $secret_keys ) )
-		$secret_keys = false;
-	else
+	$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+	if ( is_wp_error( $secret_keys ) ) {
+		$secret_keys = array();
+		require_once( ABSPATH . WPINC . '/pluggable.php' );
+		for ( $i = 0; $i < 8; $i++ )
+			$secret_keys[] = wp_generate_password( 64 );
+	} else {
 		$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+		foreach ( $secret_keys as $k => $v )
+			$secret_keys[$k] = substr( $v, 28, 64 );
+	}
 	$key = 0;
 
 	foreach ($configFile as $line_num => $line) {
@@ -211,8 +222,7 @@ switch($step) {
 			case "define('SECURE_A":
 			case "define('LOGGED_I":
 			case "define('NONCE_SA":
-				if ( $secret_keys )
-					$configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 28, 64 ), $line );
+				$configFile[$line_num] = str_replace('put your unique phrase here', $secret_keys[$key++], $line );
 				break;
 		}
 	}
diff --git a/wp-config-sample.php b/wp-config-sample.php
index 9806ae5ab3..fc60a825e7 100644
--- a/wp-config-sample.php
+++ b/wp-config-sample.php
@@ -37,7 +37,7 @@ define('DB_COLLATE', '');
  * Authentication Unique Keys and Salts.
  *
  * Change these to different unique phrases!
- * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service}
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
  * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
  *
  * @since 2.6.0
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index e8e15002a1..27a231c2e7 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1495,12 +1495,16 @@ function wp_rand( $min = 0, $max = 0 ) {
 	// Reset $rnd_value after 14 uses
 	// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
 	if ( strlen($rnd_value) < 8 ) {
-		$seed = get_transient('random_seed');
+		if ( defined( 'WP_SETUP_CONFIG' ) )
+			static $seed = '';
+		else
+			$seed = get_transient('random_seed');
 		$rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
 		$rnd_value .= sha1($rnd_value);
 		$rnd_value .= sha1($rnd_value . $seed);
 		$seed = md5($seed . $rnd_value);
-		set_transient('random_seed', $seed);
+		if ( ! defined( 'WP_SETUP_CONFIG' ) )
+			set_transient('random_seed', $seed);
 	}
 
 	// Take the first 8 digits for our value