The cookie encryption keys should be randomly generated

xwiki.cfg has two parameters, xwiki.authentication.validationKey and xwiki.authentication.encryptionKey, responsible for cookie encryption. These two have predefined values which can be used by an attacker to decode the username/password.

It would be better if the installer (.exe, ant or maven) would generate:
1. a random key pair
2. a host-dependent key-pair, different for each host, but always the same for a host