Index: wp-config-sample.php
===================================================================
--- wp-config-sample.php	(revision 13010)
+++ wp-config-sample.php	(working copy)
@@ -42,10 +42,10 @@
  *
  * @since 2.6.0
  */
-define('AUTH_KEY', 'put your unique phrase here');
+define('AUTH_KEY',        'put your unique phrase here');
 define('SECURE_AUTH_KEY', 'put your unique phrase here');
-define('LOGGED_IN_KEY', 'put your unique phrase here');
-define('NONCE_KEY', 'put your unique phrase here');
+define('LOGGED_IN_KEY',   'put your unique phrase here');
+define('NONCE_KEY',       'put your unique phrase here');
 /**#@-*/
 
 /**
Index: wp-admin/setup-config.php
===================================================================
--- wp-admin/setup-config.php	(revision 13010)
+++ wp-admin/setup-config.php	(working copy)
@@ -168,6 +168,21 @@
 	if ( !empty($wpdb->error) )
 		wp_die($wpdb->error->get_error_message());
 
+	require_once( ABSPATH . WPINC . '/plugin.php' );
+	require_once( ABSPATH . WPINC . '/http.php' );
+	/**#@+
+	 * @ignore
+	 */
+	function get_bloginfo() {}
+	/**#@-*/
+
+	$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/' );
+	if ( is_wp_error( $secret_keys ) )
+		$secret_keys = false;
+	else
+		$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+	$key = 0;
+
 	foreach ($configFile as $line_num => $line) {
 		switch (substr($line,0,16)) {
 			case "define('DB_NAME'":
@@ -185,6 +200,13 @@
 			case '$table_prefix  =':
 				$configFile[$line_num] = str_replace('wp_', $prefix, $line);
 				break;
+			case "define('AUTH_KEY":
+			case "define('SECURE_A":
+			case "define('LOGGED_I":
+			case "define('NONCE_KE":
+				if ( $secret_keys )
+					$configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 27, 64 ), $line );
+				break;
 		}
 	}
 	if ( ! is_writable(ABSPATH) ) :