Require the OpenSSL module instead of providing an unsafe fallback

refs #7163

library/Icinga/Authentication/Backend/DbUserBackend.php

@@ -144,12 +144,7 @@ class DbUserBackend extends UserBackend
      */
     protected function generateSalt()
     {
-        if (function_exists('openssl_random_pseudo_bytes')) {
+        return openssl_random_pseudo_bytes(self::SALT_LENGTH);
-            return openssl_random_pseudo_bytes(self::SALT_LENGTH);
-        } else {
-            // If you know a more secure way to generate a salt, do not hesitate to change this!
-            return substr(md5(mt_rand()), self::SALT_LENGTH);
-        }
     }
 
     /**

modules/setup/library/Setup/WebWizard.php

@@ -407,6 +407,15 @@ class WebWizard extends Wizard implements SetupWizard
             sprintf(mt('setup', 'You are running PHP on a %s system.'), Platform::getOperatingSystemName())
         );
 
+        $requirements->addMandatory(
+            mt('setup', 'PHP Module: OpenSSL'),
+            mt('setup', 'The PHP module for OpenSSL is required to generate cryptographically safe password salts.'),
+            Platform::extensionLoaded('openssl'),
+            Platform::extensionLoaded('openssl') ? mt('setup', 'The PHP module for OpenSSL is available.') : (
+                mt('setup', 'The PHP module for OpenSSL is missing.')
+            )
+        );
+
         $requirements->addOptional(
             mt('setup', 'PHP Module: JSON'),
             mt('setup', 'The JSON module for PHP is required for various export functionalities as well as APIs.'),