Index: wp-admin/includes/ms.php
===================================================================
--- wp-admin/includes/ms.php	(revision 15614)
+++ wp-admin/includes/ms.php	(working copy)
@@ -571,19 +571,26 @@
 
 /* Warn the admin if SECRET SALT information is missing from wp-config.php */
 function secret_salt_warning() {
-	if ( !is_super_admin() )
+	global $wp_default_secret_key;
+
+	if ( ! is_super_admin() )
 		return;
+
 	$secret_keys = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
 	$out = '';
+	$bad_keys = array();
 	foreach( $secret_keys as $key ) {
-		if ( ! defined( $key ) )
+		if ( ! defined( $key ) || $wp_default_secret_key == constant( $key ) || '' == constant( $key ) ) {
+			$bad_keys[] = $key;
 			$out .= "define( '$key', '" . esc_html( wp_generate_password( 64, true, true ) ) . "' );<br />";
+		}
 	}
+
 	if ( $out != '' ) {
-		$msg  = __( 'Warning! WordPress encrypts user cookies, but you must add the following lines to <strong>wp-config.php</strong> for it to be more secure.' );
-		$msg .= '<br/>' . __( "Before the line <code>/* That's all, stop editing! Happy blogging. */</code> please add this code:" );
-		$msg .= "<br/><br/><code>$out</code>";
-
+		$msg = __( 'Warning! WordPress encrypts user cookies, but to take advantage of that security you must supply custom authentication keys and salts.' ) . '<br />';
+		$msg .= sprintf( __( 'The following authentication keys/salts are not defined, are blank or are using the default string: %s' ), implode( ', ', $bad_keys ) ) . '<br />';
+		$msg .= sprintf( __( 'To fix this you must add them to your <a href="%s">wp-config.php file</a>. You can generate these using the <a href="%s">WordPress.org secret-key service</a> or use the following:' ), 'http://codex.wordpress.org/Editing_wp-config.php#Security_Keys', 'https://api.wordpress.org/secret-key/1.1/salt/' );
+		$msg .= "<br /><code>$out</code>";
 		echo "<div class='update-nag'>$msg</div>";
 	}
 }