diff --git a/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php b/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
index add599e..d771de1 100644
--- a/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
+++ b/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
@@ -77,7 +77,7 @@ public function submitForm(array &$form, array &$form_state) {
     watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $user->getUsername(), '%timestamp' => $form_state['values']['timestamp']));
     drupal_set_message($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
     // Let the user's password be changed without the current password check.
-    $token = Crypt::randomStringHashed(55);
+    $token = Crypt::randomBytesBase64(55);
     $_SESSION['pass_reset_' . $user->id()] = $token;
     $form_state['redirect_route']['route_name'] = 'user.edit';
     $form_state['redirect_route']['route_parameters'] = array('user' => $user->id());