generate a random salt during installation and store it in the config.php. use it to salt the password hashing.