--- includes/common.inc.orig	2005-09-13 22:53:40.000000000 -0400
+++ includes/common.inc	2005-09-13 22:54:02.000000000 -0400
@@ -1056,6 +1056,7 @@
   // this private key should always be kept secret
   if (!variable_get('drupal_private_key', '')) {
     variable_set('drupal_private_key', mt_rand());
+    variable_set('drupal_private_key_created', time());
   }
 
   // the verification token is an md5 hash of the form key and our private key
--- modules/system.module.orig	2005-09-13 23:01:06.000000000 -0400
+++ modules/system.module	2005-09-13 23:02:06.000000000 -0400
@@ -50,6 +50,20 @@
 }
 
 /**
+ * Implementation of hook_cron().
+ *
+ * Regularly regenerate our private key, by default every 24 hours.
+ */
+function system_cron() {
+  if ((time() - variable_get('drupal_private_key_created', 0)) >= 
+       variable_get('drupal_private_key_expire', 86400)) {
+    // our private key has expired, generate a new one
+    variable_set('drupal_private_key', mt_rand());
+    variable_set('drupal_private_key_created', time());
+  }
+}
+
+/**
  * Implementation of hook_menu().
  */
 function system_menu($may_cache) {